Skip to content
markdown guide

Hi @amineamami , unfortunately there's no easy answer to this. Depends on your requirements and in part on the technologies you're using and/or have available.

In general a lot people using JWT store the token in the local storage even though it can be a security issue because the local storage is accessible from all JS (which means in theory also malicious code).

There was a really interesting article and ensuing discussion on this topic:

If you can tell me more details about what you're using on the client and on the server maybe we can find a proper tutorial on how to use jwt or more secure alternatives.


Thanks for the replay.
Mainly angular 6 and spring boot security


I ended up droping oauth 2 implicit flow and jwt solutions for cookie session token stored into redis

Classic DEV Post from Apr 7

Describe the best manager you've ever had

A post by Ben Halpern

amineamami profile image

Be a better developer. Free forever.