Image for post
Image for post

Why we need sessions

The classic Hypertext Transfer Protocol (HTTP) is a stateless tool. This means every request that is sent from a single client is interpreted by the Web server independently and is not related to any other request. There is no inbuilt mechanism for the server to remember a specific user from different multiple requests, which also makes it impossible for the server to know if each request originated from the same user.

HTTP Sessions

Session tracking enables you to track a user’s progress over multiple servlets or HTML pages, which, by nature, are stateless. A session is defined as a series of related browser requests that come from the same client during a certain time period. Session tracking ties together a series of browser requests — think of these requests as pages — that may have some meaning as a whole, such as a shopping cart application. …

Image for post
Image for post

Always code as if the guy who ends up maintaining your code will be a violent psychopath who knows where you live — John Woods

Writing clean code is not easy. It must be readable and maintainable. Writing clean code is not a process that we can achieve very quickly. It’s a continuous process, practically a daily effort. So let’s start…

1. Proper Naming

Naming is on of the most important aspect of coding. But somehow most of developers underestimate the importance of proper naming in the code. Developers spend most of their time reading code instead of writing. …

Image for post
Image for post

Step-by-Step guide to secure application build with React front end and Node back end (Express Rest API) using Keycloak.


  1. User trying to login to the front-end application (React.js).
  2. User will be redirected to the Keycloak server for authentication.
  3. If authentication successful, Authenticated user will be redirected to the application. Meantime user will get a JWT (JSON Web Token).
  4. Unauthenticated user will be redirected to back to the keycloak login page.
  5. With the valid JWT, front-end can access back-end rest api (Node.js/Express.js) by sending the JWT along with the service request.
  6. Back-end will communicate with the Keycloak server to validate the token. …


Chamith Madusanka

Senior Full-Stack Engineer | Java | Spring boot | ReactJs | NodeJs | NestJs | Microservices

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store