For a Next.js web app, is it better to use secure cookie auth (SPA mode) or return tokens in JSON and manage them manually?
Docs suggest cookies for first-party SPAs, but tokens seem necessary for mobile or third-party APIs.
If you’re building both web + mobile on the same API, what’s the best approach in practice?
Laravel Doc says:
Sanctum will only attempt to authenticate using cookies when the incoming request originates from your own SPA frontend. When Sanctum examines an incoming HTTP request, it will first check for an authentication cookie and, if none is present, Sanctum will then examine the Authorization header for a valid API token.
Nerijus
If you have an API for web and mobile, I personally don't see anything wrong with using tokens for both. It would be easier than doing SPA + token.
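The two request styles discussed in this thread, side by side, as an added example that is not from the original posts or from Laravel's own code. It assumes a hypothetical `API_URL` and a `/login` route in your application; the function names are made up for illustration, while `/sanctum/csrf-cookie`, the `XSRF-TOKEN` cookie and the `X-XSRF-TOKEN` header are the ones Sanctum's SPA mode uses.

```javascript
// Added example: one fetch() init builder for both Sanctum auth styles.
// API_URL, the /login route and all function names are assumptions.
const API_URL = 'https://api.example.test';

// Pull one cookie value out of a document.cookie-style string.
// Laravel URL-encodes the XSRF-TOKEN value, so decode it before reuse.
function readCookie(cookieString, name) {
  for (const part of cookieString.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key === name) return decodeURIComponent(rest.join('='));
  }
  return null;
}

// mode 'cookie': first-party browser SPA, session cookie plus CSRF header.
// mode 'token' : mobile or third-party client, bearer token, no cookies sent.
function sanctumInit(mode, { method = 'GET', body, cookieString = '', token } = {}) {
  const headers = { Accept: 'application/json' };
  const init = { method, headers };
  if (body !== undefined) {
    headers['Content-Type'] = 'application/json';
    init.body = JSON.stringify(body);
  }
  if (mode === 'cookie') {
    init.credentials = 'include'; // browser attaches the session cookie
    const stateChanging = !['GET', 'HEAD', 'OPTIONS'].includes(method.toUpperCase());
    if (stateChanging) {
      const xsrf = readCookie(cookieString, 'XSRF-TOKEN');
      if (!xsrf) throw new Error('No XSRF-TOKEN cookie: call /sanctum/csrf-cookie first');
      headers['X-XSRF-TOKEN'] = xsrf;
    }
  } else if (mode === 'token') {
    if (!token) throw new Error('token mode requires an API token');
    init.credentials = 'omit'; // keep cookies out so only the header authenticates
    headers.Authorization = `Bearer ${token}`;
  } else {
    throw new Error(`unknown mode: ${mode}`);
  }
  return init;
}

// Browser login in cookie mode: prime the CSRF cookie, then POST credentials.
async function loginWithCookie(email, password) {
  await fetch(`${API_URL}/sanctum/csrf-cookie`, { credentials: 'include' });
  const init = sanctumInit('cookie', {
    method: 'POST', body: { email, password }, cookieString: document.cookie,
  });
  return fetch(`${API_URL}/login`, init);
}
```

In cookie mode the page's JavaScript never holds the session credential itself, only the CSRF token; in token mode the client has to store the bearer token somewhere and protect it.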