writeJwt(userinfo) Last updated: 30. May 2026
API only function
The writeJwt function is responsible for generating and writing a JWT (JSON Web Token) secure cookie to the user's browser.
See also: deleteJwt denyAccess logOut flagActivity getProfilePictureUrl Custom JWT login example
Parameters
| Name | Type | Description |
|---|---|---|
| userinfo | object | A JSON object with all necessary info about user. |
Returns
True if successful.
Example
Code example (JS)
JS is normal JavaScript either running in the browser or on the Docly™ server.// Issue a session JWT cookie for the user
docly.writeJwt({ "username": username, "access": "admin" });
// In any other API function, read the cookie back via request.Jwt
if (request.Jwt.access != "admin")
return docly.denyAccess();
// To log the user out again, write a NULL value (or call deleteJwt)
docly.writeJwt(null);
// *********************************
// A full login-flow example:
// #/API/login.js
export default (form) => {
let user = docly.getFile("#/Users/" + form.username);
if (!user || user.PasswordHash !== form.passwordHash) {
// Tick the brute-force counter for this IP
let blocked = docly.flagActivity();
if (blocked) {
return { error: "Too many failed attempts. Try again later." };
}
return { error: "Invalid username or password." };
}
// Success — issue the session JWT
docly.writeJwt({
username: user.Username,
access: user.AccessLevel
});
return { success: true };
}
// The matching login page is a plain static HTML form that POSTs to /API/login.
// Keep it free of #...# expressions — hash templates are cached and would leak
// per-user data across requests.