SuperTokens Blog

JUNE 01, 2021

Implementing a forgot password flow (with pseudo code)

What should happen on the backend when a user forgets their password? Read on to find a pseudo code implementation of the simplest way to reset passwords securely.

MARCH 05, 2021

The real reason Okta spent $6.5B on Auth0

Why did Okta spend $6.5B on Auth0? What does this mean for app developers? See reactions from customers and employees.

DECEMBER 10, 2020

Speed up your web development time by integrating Webflow into a React application

Writing JSX to build pixel-perfect UI elements can be very time-consuming and frustrating. Learn how React engineers can inject complex elements / React components into a Webflow-generated HTML page.

JULY 30, 2020

Detecting session hijacking using rotating refresh tokens - OSW 2020

Session hijacking is one of the oldest, yet unsolved, attack vectors for gaining unauthorised access to a user's account. This discussion covers a method called "rotating refresh tokens" to better detect token theft.

JUNE 23, 2020

Cookies vs Localstorage for sessions – everything you need to know

What are the usability and security trade-offs of storing session cookies in cookie storage or browser storage? Learn more about the best approach and common misconceptions that people have about it.

JUNE 11, 2020

Express-session vs SuperTokens for handling user sessions

This article compares SuperTokens to Node's most popular session management library, express-session. Learn more about the comparison based on different security and performance metrics.

MAY 06, 2020

Should you use Express-session for your production app?

Being Node's most popular session management library, express-session has its set of flaws, especially when it comes to security. This article will help you analyse the good and bad parts of it.

APRIL 24, 2020

OAuth 2.0 vs Session Management

A lot of developers confuse OAuth with web session management and hence end up using the wrong protocol. This article will clarify when to use what solution.

MARCH 18, 2020

Are you using JWTs for user sessions in the correct way?

JWTs were originally designed for use in OAuth. This article covers the pros and cons of using JWTs and talks about a solution which has the advantages of JWTs without any of their disadvantages.

JUNE 08, 2019

The best way to securely manage user sessions

This blog covers an analysis of a new open source session flow that is secure and easy to integrate. Learn more about the customizable library and its implementation details.

JUNE 07, 2019

All you need to know about user session security

This article covers extensive conversations with 70+ developers exploring different session management practices, identifying issues and converging on a solution to these issues.