Heads up! To view this whole video, sign in with your Courses account or enroll in your free 7-day trial. Sign In Enroll

Using Cookies and JWTs for Secure Authentication

Well done!

You have completed Using Cookies and JWTs for Secure Authentication!

Sign up for Treehouse Back to Library
Preview
Video Player
00:00
00:00
00:00
  1. 2x 2x
  2. 1.75x 1.75x
  3. 1.5x 1.5x
  4. 1.25x 1.25x
  5. 1.1x 1.1x
  6. 1x 1x
  7. 0.75x 0.75x
  8. 0.5x 0.5x
Use Up/Down Arrow keys to increase or decrease volume.

Decoding Cookies

3:09 with Alena Holligan

We have an auth cookie being set on login and removed on logout. Now we need to switch our authentication to use this cookie instead of the session.

We have an off cookie being set on login, and removed on logout. 0:00
Now we need to switch our authentication to use this cookie instead of the session. 0:06
Let's create a helper function to make it easier to read the cookie properties. 0:12
Function DecodeAuthCookie(). 0:17
Cookie = json_decode(request() 0:28
cookies->get('auth') and 0:36
return $cookie. 0:44
Let's call this new function on our homepage. 0:48
We can remove those request and call decondeAuthCookie. 0:54
Now let's go back to the browser. 1:03
Great, we can see both the auth, user ID and the auth roles. 1:06
But what if we just want to grab the user ID? 1:11
Let's go back to the function. 1:14
We're going to accept a new optional argument. 1:19
Prop = null. 1:24
Then we're going to check if, $prop === null, 1:29
Then we're just going to return the cookie. 1:41
Next, we want to check if 1:45
(!isset($cookie->$prop)) then 1:50
we'll return false. 1:59
And finally we can return 2:03
the cookie $prop. 2:08
Four conditionals. 2:12
First we check if the property is null. 2:13
If so we're returning the whole cookie. 2:16
Next, if we have a property, we're going to check if the cookie has that property. 2:19
If not, we're going to return false. 2:24
And finally, if both of those paths we have an actual property on our cookie so 2:27
we will return that single property. 2:33
Now let's go back to our homepage. 2:36
And to our decodeAuthCookie, we'll add auth_user_id. 2:39
Now we can go back to the browser. 2:45
And now, in the browser, we see only the user ID. 2:50
Let's clean up the homepage. 2:54
We'll remove the var_dump and then we can close the index.php. 2:59
Now we're ready to use this new decode auth cookie. 3:05