+ 1
What is the best way to store a JWT token on the client side?
JWTs are used as a means of authentication in almost all the apps I have seen. I have also created an API in Express for my project, and I have seen articles saying not to store it in local storage for security purposes. I need some opinions.
2 Answers
0
A JWT token stored in a cookie is unsafe; anyone can retrieve the cookie from the browser to get the full JWT token string.
It should be stored in an httpOnly cookie, where the cookie is generated by the web server rather than stored in the browser.
- 1
Store it as a cookie. You can set the cookie in your API response in the Express server.
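
The httpOnly-cookie approach mentioned in the answers, as an added example that is not part of either answer: it builds the `Set-Cookie` value an API would send after login and audits a header for the attributes that keep the token away from page script and cross-site requests. The cookie name `session`, the 900-second lifetime and the sample token are constructed assumptions.

```javascript
// Added example; names and values below are constructed, not from the thread.

// Build the Set-Cookie value the API sends after a successful login.
function buildSessionCookie(name, token, maxAgeSeconds) {
  if (!/^[A-Za-z0-9_-]+$/.test(name)) throw new Error('invalid cookie name');
  // A compact JWT is three base64url segments joined by dots; rejecting anything
  // else keeps ";" and CR/LF out of the header.
  if (!/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/.test(token)) {
    throw new Error('value is not a compact JWT');
  }
  return [
    `${name}=${token}`,
    'Path=/',
    `Max-Age=${Math.floor(maxAgeSeconds)}`,
    'HttpOnly',        // not exposed to document.cookie, so page script cannot read it
    'Secure',          // only sent over HTTPS
    'SameSite=Strict', // not attached to cross-site requests
  ].join('; ');
}

// Parse a Set-Cookie value and report which protective attributes are missing.
function auditSetCookie(header) {
  const attrs = new Map();
  for (const part of header.split(';').slice(1)) {
    const [k, ...v] = part.trim().split('=');
    if (k) attrs.set(k.toLowerCase(), v.join('=').toLowerCase());
  }
  const findings = [];
  if (!attrs.has('httponly')) findings.push('missing HttpOnly: readable via document.cookie');
  if (!attrs.has('secure')) findings.push('missing Secure: sent over plain HTTP');
  const sameSite = attrs.get('samesite');
  if (!sameSite) findings.push('missing SameSite: browser default applies');
  else if (sameSite === 'none') findings.push('SameSite=None: sent on cross-site requests');
  return findings;
}

// Constructed sample token (header.payload.signature shape, not a real credential).
const SAMPLE_JWT = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl';
const hardened = buildSessionCookie('session', SAMPLE_JWT, 900);
const weak = `session=${SAMPLE_JWT}; Path=/`;

console.log(hardened, auditSetCookie(hardened));
console.log(weak, auditSetCookie(weak));
// In an Express handler the hardened value would be sent with
// res.setHeader('Set-Cookie', hardened).
```

Because the cookie is sent automatically on every same-site request, state-changing routes still need CSRF consideration; `SameSite=Strict` is the part of this header that addresses it.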