nt369

Reputation: 47

Is there a quick option to save the JWT token securely?

While following a MERN stack tutorial I am asking myself if it is safe to store the JWT token inside localStorage. After 1 sec of googling I got an answer like "definitely not".

The current api call is as follows:

```javascript
const {data} = await Axios.post("/api/users/signin", {email, password});
localStorage.setItem('localUserInfo', JSON.stringify(data));
```

I am wondering, because the lecturer uses other safe techniques like using roles and bcrypt (and React should be protected against XSS).

So if it is not: is there another quick option to save it securely?

Upvotes: 0

Views: 40

Answers (1)

geoM

Reputation: 497

You can use an http-only cookie to prevent malicious scripts from reading sensitive cookie data, e.g. to use it in cross-site scripting attacks.

Since you mentioned you are learning the MERN stack: you can use the cookie-session middleware; learn more about security in Express here.

It offers multiple configurations to make session cookies secure:

```javascript
const session = require('cookie-session');

// lifespan of the session cookie: 1 hour from now
const expiryDate = new Date(Date.now() + 60 * 60 * 1000);

app.use(session({
  name: 'session',
  keys: ['key1', 'key2'], // keys used to sign the cookie; rotate by prepending a new one
  cookie: {
    secure: true, // only send the cookie over https
    httpOnly: true, // cookie is not readable from client-side JavaScript (document.cookie)
    domain: 'example.com', // specify hosts that are allowed to receive the cookie
    expires: expiryDate // define lifespan
  }
}))
```

Upvotes: 1
