+ 1

What is the best way to store a JWT token on client-side ?

JWTs are used as a means of authentication in almost all the apps I have seen, also I have created an API in express for my project , I have seen articles to not store it in local storage for security purposes. Need some opinions .

27th Jul 2020, 2:23 AM
Kalo 'smi
Kalo 'smi - avatar
2 odpowiedzi
0
Jwt token stored in cookie is unsafe, anyone can retrieve the cookie from the browser to get the full jwt token string. It should be stored in httpOnly cookie, which the cookie is generated from web server rather than stored in browser.
5th Mar 2022, 5:54 AM
Calviղ
Calviղ - avatar
- 1
Store it as cookie. You can set cookie in your api response in express server.
30th Jul 2020, 3:00 PM
Manoj Hansda