Reputation: 1
Is is safe to store JWT in windows object and retrieve it whenever needed
I am getting an access token(JWT) in the Url . Ex: http://1.2.3.4:8000/ABCService/ValidateID?Token=eyJqa3UiOiJodHRwczpcL1wvb2F1dGgueGZpbml0eS5jb2.
Is it safe to store this token in windows object ? Ex: window.jwt = Token
If "yes" how it can be implemented(extract the JWT from Window object and perform next operations like validate JWT etc) in React JS ...
FYI: I did it using cookie and HTML5 web storages like (local & Session)... I wanted to make my website more secure ... that's why i have chosen to store it in window
Upvotes: 0
Views: 599
Answers (1)
Reputation: 12806
No it is not safe. In case of an XSS attack where JavaScript is injected and run on your website, it is just as easy to read your window.jwt as it is to read document.cookie, window.localStorage or window.sessionStorage.
JWT are great for server-to-server communication and mobile-to-server communication, but for browser-to-server communication JWT is not suitable. Cookies (declared as "Secure" and "HttpOnly" and with "SameSite" declared as "Strict") is the safest.
Upvotes: 2
Related Questions
- Is it safe and convenient to store jwt token in Localstorage or cookies and to store the user's data in Context API
- Is it safe to store a JWT in localStorage with ReactJS?
- is storing JWT token in local storage safe?
- is it safe to save data that affect component rendering in JWT payload?
- Is it safe to store JWT token in redux store?
- How can I store and secure my JWT token in react application
- Is it safe to temporarily store JWT in react native variable?
- Storing your jwt token in react or angular or vue
- Is it really safe to authenticate JWT token from React frontend?
- Is it safe to store a JWT in client javascript?