I need advice: what is the best way to store a JWT token? Should we store it in cookies or in storage? But with the CSRF flaw and XSS attacks, I have a doubt. I'm still in training and working on a year-end project. Or is it best to store the JWT token in a variable in a store? I developed the application with Node.js and Express for the back end and React for the front end. Thanks in advance for your advice.
You could store the token in an HTTP-only cookie. That way it cannot be accessed through JavaScript at least. – chris coerdes May 13 '22 at 12:38
1 Answer
0
I use cookies; they can easily be accessed server side and can have an expiration date.
Take a look at this post: Local Storage vs Cookies

Jack Lankford
- 108
- 7
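The cookie approach suggested in the comment and the answer above, as an added example that is not part of the original thread: the `Set-Cookie` value a Node.js back end could send after login, how the server reads the token back, and an Origin check as a second CSRF layer. It uses plain JavaScript rather than Express so it runs on its own; the cookie name, function names, origins and sample token are hypothetical.

```javascript
// Added example: all names and sample values are constructed for illustration.
const COOKIE_NAME = "access_token"; // hypothetical cookie name

// Build the Set-Cookie header value the server sends after a successful login.
function buildTokenCookie(jwt, maxAgeSeconds) {
  return [
    `${COOKIE_NAME}=${encodeURIComponent(jwt)}`,
    "HttpOnly",                 // not readable through document.cookie
    "Secure",                   // only sent over HTTPS
    "SameSite=Strict",          // not attached to cross-site requests
    "Path=/",
    `Max-Age=${maxAgeSeconds}`, // browser discards the cookie after this many seconds
  ].join("; ");
}

// Read the token back from the Cookie request header on the server side.
function readTokenCookie(cookieHeader) {
  for (const part of (cookieHeader || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === COOKIE_NAME) {
      try {
        return decodeURIComponent(part.slice(eq + 1).trim());
      } catch {
        return null; // malformed percent-encoding: treat as no token
      }
    }
  }
  return null;
}

// Second CSRF layer: state-changing methods must carry the frontend's own Origin.
function isRequestAllowed(method, originHeader, allowedOrigin) {
  if (["GET", "HEAD", "OPTIONS"].includes(method.toUpperCase())) return true;
  return originHeader === allowedOrigin;
}

// Constructed sample values.
const sampleJwt = "header.payload.signature";
console.log(buildTokenCookie(sampleJwt, 900));
console.log(readTokenCookie(`theme=dark; ${COOKIE_NAME}=${sampleJwt}`));
console.log(isRequestAllowed("POST", "https://other.example", "https://app.example"));
```

`SameSite=Strict` assumes the React front end and the API are served from the same site. The `Max-Age` value should not outlive the token's own expiry.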