Security

Security Model

The Ezz-Auth security model is built on the principle of abstraction. We handle the heavy lifting of session security so you can focus on building features.

HTTP-Only Cookies

Sessions are stored in encrypted cookies flagged HttpOnly, so client-side scripts cannot read them; a cross-site scripting (XSS) flaw therefore cannot exfiltrate the session.

No LocalStorage

Tokens are never written to localStorage, so there is no persistent, script-readable copy of a credential for a malicious script to steal.

Zero-Trust Client

The client-side UI is treated as a presentation layer only; every action is re-verified on the server.

Server-First Validation

Authentication logic lives in secure server environments, ensuring consistent enforcement of rules.

Developer Safety

In this model, developers never handle secrets, tokens, or session storage directly. This design pattern prevents common implementation errors that lead to data breaches.