« All posts

Cookies or Bearer Tokens? The Day my Auth Design Decision Broke

Explore the differences between cookies and bearer tokens in the StashD app. Lessons learned in mobile and web authentication design.

In the StashD app, cookies were used for authentication, but it became clear that this design was insufficient when developing a mobile app. The automatic attachment of cookies did not apply to mobile applications, revealing that the design was flawed. The author analyzed how cookies and bearer tokens function, highlighting the security advantages of each.