DEV Community

Discussion on: Ruby vs Elixir

 
HS • Edited

As said, you lack some knowledge here. Cookies can also be hijacked. HTTP cookies contain the JWT itself sometimes. The thing you want to complain about is local storage, which was proven to have quite the same security as cookies since there are other ways to exploit them.

Why are you saying "you don't use api but graphql" and once I pointed out "that graphql is in fact api" you go explaining it like I'm saying something bad about it? I'm pointing out that I have background services communicating with each other without any user doing anything. You'll need to work with a much more complex system to understand my point. You can have graphql calling other services, including other graphql or other types of API, where you're sending JWT between them and the user has no direct communication with these ones. Point is, graphql has nothing to do with the things I'm talking about.