sçuçu

Reputation: 3070

Sending web storage stored JWT to server when refresh button hit

I am building a web app using JavaScript (Koa.js as a backend). I do not want to make any full page refreshes; all requests will be ajax requests to my API. I am using JWT for user authentication and want to save it in Web Storage. I have read some things, blog post 1 and blog post 2, on security, especially against CSRF, so I need to use Web Storage for keeping the token on the client. I know localStorage persists even across browser quit-relaunches.

The question is:

Is there a way, probably convenient to implement and secure, to keep an already authenticated user authenticated between page refreshes caused in a non-programmatic way, e.g. a browser button hit, when using JWT and Web Storage?

Upvotes: 1

Views: 480

Answers (1)

Kassandra Perch

Reputation: 580

Your question is a little broad, so there are several answers depending on more information about what you're developing in (what language, any limitations).

I can recommend a few reads to start and possibly shape your question further. First, an article going over the basics of handling JWT tokens:

https://auth0.com/blog/2014/01/27/ten-things-you-should-know-about-tokens-and-cookies/

Another good place to start is looking at Auth0's implementation examples: even if you don't plan on using Auth0's services, the implementations on the server side can be used for plain JWT implementations. Their single-page examples, which include server tutorials, can be found here:

https://auth0.com/docs/quickstart/spa/

Hope this helps!

Upvotes: 1
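An added example, not part of the question or the answer above: one way a single-page client can pick the JWT back up from Web Storage after a manual refresh, discard it if it has expired, and attach it to later ajax requests. The storage key `jwt`, the helper names, the choice to reject tokens without an `exp` claim, and the sample token are assumptions made for this sketch.

```javascript
const TOKEN_KEY = "jwt"; // assumed storage key, not taken from the page

// Decode the payload (middle segment) of a JWT. This does NOT verify the
// signature; the server must still validate the token on every request.
function decodePayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    return JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
  } catch (e) {
    return null; // malformed base64 or JSON
  }
}

// Run once at page load, e.g. restoreSession(window.localStorage).
// Returns { token, payload }, or null after clearing a stale/invalid token.
function restoreSession(storage, nowMs = Date.now()) {
  const token = storage.getItem(TOKEN_KEY);
  if (!token) return null;
  const payload = decodePayload(token);
  const usable = payload && typeof payload.exp === "number" && payload.exp * 1000 > nowMs;
  if (!usable) {
    storage.removeItem(TOKEN_KEY); // do not keep sending a dead token
    return null;
  }
  return { token, payload };
}

// Headers for fetch/XHR calls to the API. Anything stored in Web Storage is
// readable by any script running on the page, so XSS defences still matter.
function authHeaders(session) {
  return session ? { Authorization: `Bearer ${session.token}` } : {};
}

// --- Constructed sample data so the sketch runs outside a browser ---
function makeSampleToken(exp) {
  const enc = (o) =>
    btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ sub: "user-1", exp })}.constructed-signature`;
}
function memoryStorage() { // stand-in for window.localStorage
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
    removeItem: (k) => m.delete(k),
  };
}
```

In a browser, call `restoreSession(window.localStorage)` when the app boots and pass `authHeaders(session)` to each API request; a `null` result means the user has to log in again.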
