Best Practice for Secure HTTPS session management using Apollo Server v3?

Hey All,

I am working on creating a ecommerce site using Apollo Server v3. Thus I’m working on authentications and authorization. I’m challenging myself to avoid using things like Apollo Server Express since I’m building it from the ground up. I’ve been doing tons of research on on HTTP/S and session management, as well as headers/cookies/local storage. So far what I’ve found is that all tutorials tend to recommend JWT’s for authentication and then session IDs for sessions… Which is all great and reading through the documentation I know there are certain features to help with CSRF vulnerabilities and cross site attacks and all those other terrifying things that can happen. My question is if anyone could explain or point me to a post/resource that explains and maybe shows an example of a safe, secure, best practice for production ready Apollo Server v3 apps.

Thanks for your time!