Filip Sodić

150 comments by Filip Sodić

> I wouldn't call it a session. We don't have state on the server that would represent a session, instead we deal with JWTs, so we are sessionless, to my...

> But looking at it I don't really see any of these choices having any effect on practical usage? Is there an issue with us "hackishly" using auth/me? The only...

I took a look at the link and talked with Martin in person. RTK's system makes a lot of sense to us. React query does provide something similar with query...

> **they don't require us storing anything on the backend** and are pretty simple

I don't think this is actually true in most cases (perhaps the article mentions it). For...

Here's an old comment I forgot to post.

> You are talking about a specific concern of somebody stealing JWT (at some point when that is possible) and then logging...

### We tried swapping JWTs+local storage for Sessions+cookies in #635 and failed. Here's the relevant information from Discord

#### CSRF

Here's OWASP's guide on defending against CSRF: https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html. They cover...

Another important point concerning XSS attacks, pasting @Martinsos's message from Discord for future reference:

> @sodic had interesting thoughts on this XSS thing -> basically that sure, XSS attack can...

I'm reopening this since we're slowly outliving the original short-term solution.

Sure, it's what we talked about in the presentation a couple of weeks ago, but it's mostly the same reasons we had the first time around (plus a few extra):...

User asking for Enums: https://discord.com/channels/686873244791210014/1220352081970466908/1220607862078836766. The same user is also not a fan of having Prisma stuff inside Wasp and would prefer a separate schema.prisma file (the message below the...