⇦ Back

WDX-180

Web Development X

---

Week 36 | Mini CMS

Week 35 ⇦

Updated: 27/6/2025

⇨ Week 37

---

Week 36 - Day 1 | Mini CMS Project

Schedule

• Watch the lectures
• Study the suggested material
• Practice on the topics and share your questions

Study Plan

Your instructor will share the video lectures with you. Here are the topics covered:

• Part 1: Creating a POST Controller for handling the creation of new Blog posts
• Part 2: Creating a View and a Controller for displaying all the available Blog posts in our Database.

You can find the lecture code here

Important: The code link above, points to a particular commit in the repository. Click the Code => Download Zip button on GitHub, to download the code as it was in that exact commit.

References & Resources:

• SQL Constraints
• HTTP Status Codes Reference
• Date: toLocaleTimeString, toLocaleDateString

Exercises

CHALLENGE: Find out how you can automatically redirect the user to the newly created Post page.

IMPORTANT: Make sure to complete all the tasks found in the daily Progress Sheet and update the sheet accordingly. Once you’ve updated the sheet, don’t forget to commit and push. The progress draft sheet for this day is: /user/week36/progress/progress.draft.w36.d01.csv

You should NEVER update the draft sheets directly, but rather work on a copy of them according to the instructions found here.

---

Week 36 - Day 2 | Practice Day

Schedule

• Practice on the topics and share your questions

Study Plan

Today is practice day. Practice on the topics covered so far and share your thoughts, questions and insights.

Happy hacking!

---

Week 36 - Day 3 | Authentication

Schedule

• Watch the lectures
• Study the suggested material
• Practice on the topics and share your questions

Study Plan

Your instructor will share the video lectures with you. Here are the topics covered:

• Part 1: Work on the Home Page Controller
• Part 2: Authentication

You can find the lecture code here and the diagrams here.

Important: The code link above, points to a particular commit in the repository. Click the Code => Download Zip button on GitHub, to download the code as it was in that exact commit.

Lecture Notes & Questions:

References & Resources:

• Authentication (AuthN) vs Authorization (AuthZ)
  • https://www.cloudflare.com/learning/access-management/authn-vs-authz/

---

Week 36 - Day 4 | Practice Day

Schedule

• Practice on the topics and share your questions

Study Plan

Today is practice day. Practice on the topics covered so far and share your thoughts, questions and insights.

Happy hacking!

---

Week 36 - Day 5 | Protected Routes

Schedule

• Watch the lectures
• Study the suggested material
• Practice on the topics and share your questions

Study Plan

Your instructor will share the video lectures with you. Here are the topics covered:

• Part 1: Authentication & Security
• Part 2: Authentication & Security

You can find the lecture code here and the diagrams here.

Important: The code link above, points to a particular commit in the repository. Click the Code => Download Zip button on GitHub, to download the code as it was in that exact commit. References & Resources:

• POST Method details (encoding, etc.)
  • Percent encoding
  • Base64 Encoding/Decoding
    • https://developer.mozilla.org/en-US/docs/Web/API/Window/btoa
    • https://developer.mozilla.org/en-US/docs/Web/API/Window/atob
  • Be very careful with the test data and accounts that you use during development/debugging. It’s important for this data and accounts not ending up in production. (Especially the DB accounts with weak passwords)
  • HTTP Set-Cookie header
  • ALWAYS REMEMBER: “No data from the browser is trustworthy”
  • When the user logs out, the cookie must always be removed or invalidated.

Exercises

Here’s your challenges for today:

• Find out all the appropriate HTTP status codes and make sure that all endpoints send back the appropriate codes, e.g. 404, 200, 401, 302, etc.
• Learn about the differences between the various encoding schemes: percent encoding, URI encoding, base64, etc.
  • https://stackoverflow.com/questions/10267597/url-encode-vs-base64-encoding-usages
• Explore cookies in-depth and try out things, deal with more key=value pairs, like parsing multiple cookies and restricting cookies to particular paths and setting an expiration date
  • References: https://stackoverflow.com/a/20912911/4861760
• Research: how to detect cookie tampering
  • https://stackoverflow.com/questions/6230565/how-to-prevent-users-from-modifying-cookie-values

• CHALLENGE: secure the cookie authentication mechanism by introducing hashing (learn/Cookie.Tampering.101.md)

• Use Tailwind CSS to prettify the Post pages! (Pick a ready made template)

IMPORTANT: Make sure to complete all the tasks found in the daily Progress Sheet and update the sheet accordingly. Once you’ve updated the sheet, don’t forget to commit and push. The progress draft sheet for this day is: /user/week36/progress/progress.draft.w36.d05.csv

You should NEVER update the draft sheets directly, but rather work on a copy of them according to the instructions found here.

---

Weekly feedback: Hey, it’s really important for us to know how your experience with the course has been so far, so don’t forget to fill in and submit your mandatory feedback form before the day ends. Thanks you!

---

---

Project maintained by in-tech-gration Hosted on GitHub Pages — Theme by mattgraham