Move the session out of localStorage: "My vibe-coded app stores its auth/session token in localStorage. Migrate me to httpOnly, Secure, SameSite=Lax cookies using [Supabase @supabase/ssr | Clerk]. Show the exact client + server changes, confirm no token is ever readable from window.localStorage, and tell me how to verify it in DevTools."
Enforce auth on the server, not the browser: "Audit every API route / server action in my app for missing server-side authorization. For each protected action, add a check that re-verifies the user's identity and role from the server session (and add a matching Supabase RLS policy). List which routes were unprotected and show the before/after for each."
Require email verification: "Enable required email verification in [Supabase Auth | Clerk] and block unverified users from any write/sensitive action. Show me the provider setting to flip, the server-side guard that checks email_confirmed_at (or Clerk's verified status), and a redirect to a 'please verify' screen."
Rate-limit login / signup / reset: "Add rate limiting and temporary lockout to my login, signup, and password-reset flows. Use [Supabase Auth's built-in rate limits | Upstash Ratelimit middleware]. Specify sensible limits (e.g. 5 attempts / 15 min per IP+email), the lockout behavior, and how to test that the 6th attempt is blocked."
Strong + non-breached passwords: "Enforce a strong password policy in [Supabase Auth | Clerk]: minimum length 12, block compromised passwords via the HaveIBeenPwned / leaked-password setting, and surface a clear strength error in my sign-up UI. Show the provider setting and the client validation, and confirm a known-breached password is rejected."