During the development of my website using Next.js, I have encountered a security concern with the way Amplify stores user sessions. Currently, Amplify saves user tokens in the browser's localStorage, which raises doubts about its security.
I am considering switching to cookiesStorage for better security. Can anyone advise on how to configure Amplify to store user sessions in cookiesStorage instead?
If you want to utilize cookies instead of the default storage mechanism in Amplify Gen 2, you can simply add ssr: true to the library options when configuring Amplify.
Amplify.configure(outputs, {
ssr: true // required when using Amplify with Next.js
});
Please Note: To make use of the Amplify library on the client side within a Next.js application, it is necessary to specify
ssrastruewhile invokingAmplify.configure. This enables the Amplify library to store tokens in the cookie store of a browser, ensuring that cookies are sent along with requests to your Next.js server for authentication purposes.
For more information, visit - Configure Amplify library for client-side usage
In order to customize where and how tokens are persisted in your application with Amplify Gen 1, you have the freedom to update the storage mechanism. By default, tokens are stored in localStorage, but you also have the option to import sessionStorage, sharedInMemoryStorage, or CookieStorage.
To store tokens in cookies, include the following line of code.
cognitoUserPoolsTokenProvider.setKeyValueStorage(new CookieStorage());
Here is a full example of the code implementation.
import { Amplify, type ResourcesConfig } from 'aws-amplify';
import { CookieStorage } from 'aws-amplify/utils';
import { cognitoUserPoolsTokenProvider } from 'aws-amplify/auth/cognito';
const authConfig: ResourcesConfig['Auth'] = {
Cognito: {
userPoolId: 'your_user_pool_id',
userPoolClientId: 'your_user_pool_client_id'
}
};
Amplify.configure({
Auth: authConfig
});
cognitoUserPoolsTokenProvider.setKeyValueStorage(new CookieStorage());
To delve deeper into this topic, check out Understand token management options.
I've written a function to validate user inputs in an HTML form (it's a sidebar on Google Sheets): Credit to Chicago Computers Classes function validate() { var fieldsToValidate = document.querySelectorAll("#userform input, #userform se ...
Despite my best efforts, I keep encountering the same error repeatedly: ReferenceError: D:\Secrets - Starting Code\views\submit.ejs:8 6| <h1 class="display-3">Secrets</h1> 7| >> 8| <%usersWith ...
Hey everyone, I have a question regarding a sample code snippet I posted here. In this code, I am successfully uploading a file using Ajax JQuery. However, I am struggling to figure out how to read the content of the uploaded file in my PHP code. Can anyon ...
Utilizing a hyperlink to remove a project from my main.ejs template is causing an issue when I click on the delete option. It shows an error message saying "Cannot GET /delete/6424f79c7dd4cd07ef49acae". Below is the code snippet for the delete hyperlink: ...
Coding in HTML <div class="response"> <input type="checkbox" /> <input type="checkbox" /> <input type="checkbox" /> <input type="checkbox" /> </div> <div class="response"> <input type="check ...
Recently, I came across some code on the express tutorial pages that caught my attention. app.use(express.static('/path/to/html/files')); However, in my specific application scenario, certain requested pages must be generated dynamically. This ...
I am struggling to figure out how to display the value contained in my object after attempting to create a Calendar using Jquery. I attempted to use JSON.toString() on my table data, but it didn't solve the issue. Perhaps I am not placing the toString ...
I recently posted a question on Stack Overflow inquiring about how to input code into an iframe without using a file or URL. While I was successful with simple cases like <h1>Hello World</h1>, my ultimate goal is to integrate three.js into thes ...
I am currently working on a Vue.js Project and have a Dropdown component. Here is the code snippet: <template> <v-menu close-on-click transition="slide-y-transition"> <template v-slot:activator="{ on, attrs }" ...
Having an issue with the JSON array sorting. Initially, the order is not as expected (based on SQL query). The main problem arises when the page loads and the SQL query is called with lastPoll=null - the results are not sorted by time1 DESC, instead they ...
I am encountering an issue with the following script: <script type="text/javascript"> $.getJSON("http://api.twitter.com/1/statuses/user_timeline/koawatea.json?count=1&include_rts=1&callback=?", function(data) { $("#headertweet") ...
Below are two servers and two gqlServers, each with different functionalities. All combinations of them work. The task at hand is to enhance express with predefined code patterns that can be shared across various apps through additional methods. What com ...
Recently, I developed a small chat application that initially functioned well with all code contained in one HTML document. However, after separating the CSS, HTML, and JS into individual files, an issue arose when invoking the register_popup function from ...
Is it possible to read part of a remote file using Ajax without relying on server-side technologies like PHP? I believe the HTTP Range header could be utilized for this purpose, but how can we set it with Ajax? Can we even set HTTP headers in Ajax request ...
Consider the webpage below: export default ({ SSRtasks }) => { const [ tasks, setTasks ] = useState(SSRtasks) const { data: freshTasks, mutate } = useSwr('/api/tasks') useEffect(() => freshTasks && setTasks(freshTasks), [ fres ...
Hello everyone, I recently started learning javascript and I'm facing a challenge with the following problem. Below is the code I've written so far and I would greatly appreciate any feedback on where I may be going wrong and how I can solve this ...
In a task I am working on, customers can pick a time range, but there are different prices for different times. I have created 2 select fields with options for the time: From time <select> <option value="1">22:00</option> <option ...
I currently have my angular2 & mongoDB setup successfully. While I've managed to read JSON files using the HTTP service, my goal is to create a fully functional application with database connectivity as well. I'm seeking advice on how to con ...
There's a specific line that triggers an alert showing "undefined". However, when I just alert results[0].geometry.location, it displays (41.321, 41.556). My goal is to alert this value and then convert it (as an integer) to my id_lat and id_longs... ...
When it comes to creating a layout for my website, I have a simple idea in mind. I want the body content to take up at least 100% of the height of the page. This setup works perfectly on desktop screens, but when I switch to a mobile view (which changes th ...