What's the best way to do authentication in modern applications
Summary
The article explains best practices for authenticating in modern applications, comparing token storage choices, and defense-in-depth for CSRF and XSS. It covers cookies, HttpOnly, CSRF tokens, SameSite, and discusses patterns like BFF and device-bound sessions to improve security.