umeshbhat

Reputation: 113

Where should I save client's JWT for future requests?

My API returns a token to the client on log in, which in turn requires the client to put it in a header every time it makes a request to the server. Where should I save those tokens? If saved in browser storage, then anyone can copy it and log in to the client's account.

Upvotes: 1

Views: 453

Answers (1)

TheWahome

Reputation: 105

You are right. It's not safe to store it in local storage.

The JWT needs to be stored inside an HttpOnly cookie, a special kind of cookie that's only sent in HTTP requests to the server, and it's never accessible (both for reading or writing) from JavaScript running in the browser.

You can read more about this in this article about JWT best practices: https://logrocket.com/blog/jwt-authentication-best-practices/

Upvotes: 4
