19:55 you mentioned cookie being encrypted, that is perhaps not an accurate description. It is signed but not encrypted, anybody with the cookie can still read the payload. For true encryption one would have to use something like Jose.
Yes I realized this - verbal typo on my part! Thanks for pointing it out. Signed but not encrypted 👍 So the data is secure in the sense that it can be trusted to have come from the server. But you wouldn’t want to put sensitive data in it, since it can be read.
Signature is generated for provided data and secret. If data is tampered with, the signature generated during verification wouldn't match and session will be discarded.
I'm curious given your experience with both Next and Remix, do they differ in significant way, in feature-set and mental models? Or are they more similar than they are different at this point?
Did you know parameters can never be marked as constants? For that and many other reasons, I really wish they had never become used as much as they are in JS vs. other languages. I’ve considered using const in videos just so it doesn’t come up and I understand it can be distracting because so many teams default to const, but pedagogically it’s hard for me to justify, because avoiding local mutation is simply not a concern a programmer should have to burden themselves with; and when it is called for, changing a const to a let detracts from the substance of what’s being taught. This is a good article on let vs. const and pretty much sums up how I feel: overreacted.io/on-let-vs-const/
I disagree it's a best practice but honestly it doesn't really matter, I will probably start using const just because I don't want to distract anybody, but this article pretty much sums up how I feel: overreacted.io/on-let-vs-const/
Thanks a lot. I have problem to understanding how remix set their cookie and how can I get cookie value using getSession method. In simple way, I can imagine cookie session storage like a DB that save a lot of key value pair.
The beauty of using Cookie storage rather than a DB is that the browser stores the session (and the server verifies it with the secret). The getSession method is reading the Cookie header from the request (timecode 7:54). Does that make sense?
How do you manage to import createCookieSessionStorage module without having to name the file "session.server.ts"?. In order to get that module I need to add ".server" to the name's file. But I am getting null value when getting the cookie property in my loader
Thank you ❤️
That was one really really high quality tutorial.
Wishing you all the best in your endeavours. 🎉
Thank you! I like the way you iterate over the solution to make it robust.
That's great! That's what I need. Thank you very much! You explained everything simply and clearly!
Thank you! Clear and concise. The cookie session storage is finally starting to click for me.
It’s like you’re reading my mind! Cheers
Very good. There is enough Next content out there. Not enough Remix.
This helped me understand remix sessions much better
great video thanks, cleared up some questions i had on remix sessions :)
Not using Remix currently, but learned a bunch, thank you!
19:55 you mentioned cookie being encrypted, that is perhaps not an accurate description. It is signed but not encrypted, anybody with the cookie can still read the payload. For true encryption one would have to use something like Jose.
Yes I realized this - verbal typo on my part! Thanks for pointing it out. Signed but not encrypted 👍 So the data is secure in the sense that it can be trusted to have come from the server. But you wouldn’t want to put sensitive data in it, since it can be read.
What if you change first part of cookie by not touching signature?
Signature is generated for provided data and secret. If data is tampered with, the signature generated during verification wouldn't match and session will be discarded.
I'm curious given your experience with both Next and Remix, do they differ in significant way, in feature-set and mental models? Or are they more similar than they are different at this point?
Good video, but ngl makes me nervious seeing let instead of const lol
Did you know parameters can never be marked as constants? For that and many other reasons, I really wish they had never become used as much as they are in JS vs. other languages. I’ve considered using const in videos just so it doesn’t come up and I understand it can be distracting because so many teams default to const, but pedagogically it’s hard for me to justify, because avoiding local mutation is simply not a concern a programmer should have to burden themselves with; and when it is called for, changing a const to a let detracts from the substance of what’s being taught.
This is a good article on let vs. const and pretty much sums up how I feel: overreacted.io/on-let-vs-const/
More remix content please!
noice noice
I love your content so much but one thing I keep wondering is "let" for everything. Why? :D Isn't it a better practice to use "const"?
I disagree it's a best practice but honestly it doesn't really matter, I will probably start using const just because I don't want to distract anybody, but this article pretty much sums up how I feel: overreacted.io/on-let-vs-const/
hey Sam, what keyboard do you use? You type blazingly fast.
Thanks a lot. I have problem to understanding how remix set their cookie and how can I get cookie value using getSession method. In simple way, I can imagine cookie session storage like a DB that save a lot of key value pair.
The beauty of using Cookie storage rather than a DB is that the browser stores the session (and the server verifies it with the secret). The getSession method is reading the Cookie header from the request (timecode 7:54). Does that make sense?
@@samselikoff yeah, that does make sense. Nice explanation. Thanks
How do you manage to import createCookieSessionStorage module without having to name the file "session.server.ts"?. In order to get that module I need to add ".server" to the name's file. But I am getting null value when getting the cookie property in my loader
can we do something like that in nextjs ?
Promo sm