Tamim Anwar Chowdhury
Reputation: 83
What is the best practice to store jwt token in client side?
Is it safe to store jwt token in HttpSession? If it is not what is the best practice to store jwt token. So that it can be used for further usages in client.
public void setLoggedinUserInSession(HttpServletRequest httpServletRequest, String jwtToken){
HttpSession session = httpServletRequest.getSession(true);
session.setAttribute("token", jwtToken);
}
Upvotes: 0
Views: 1601
Answers (1)
Marek Puchalski
Reputation: 3659
Regarding your question - how to store JWT tokens on the client. Cookies are one of the ways to go. There are many small and big things to take care of, but they all are summarized by OWASP ASVS: https://github.com/OWASP/ASVS/blob/v4.0.3/4.0/en/0x12-V3-Session-management.md
One important thing: HTTP Session is not the way to go. Have a look how to handle cookies https://www.baeldung.com/java-servlet-cookies-session#1-create-a-cookie and do this instead.
Upvotes: 1
Related Questions
- Where to store a JWT token properly and safely in a web based application?
- Where is safest to store Json Web Tokens JWTs in client side?
- Where to store JWT token in react / client side in secure way?
- Is local storage the best way to store JWT token on client side? ( Assuming best practices are in place for preventing XSS )
- What to store in a JWT?
- Where and how save token JWT ? (Best Practice)
- Where to store JWT
- Where should I save client's JWT for future requests?
- Where should I store jwt token for authentication on server side
- Best way to use JWT and how to store the secret key