Apart from XSS attacks, which are less likely to happen IMO if you're careful with the libraries you're using, what would be other downsides to storing the token in LocalStorage?
Also, if you go with the cookie approach, you'll have to make sure that you prevent CSRF attacks from happening.
See my comment, for example session impersonation etc.