Also probably worth noting that localstorage probably shouldn’t be used for sensitive information (like user passwords session identifies, etc) as it’s susceptible to xss attacks.
Hmm ideally you don’t wanna be putting any sensitive data in local storage as its openly accessible via JS. What problems did you have with configuring your session via cookies?
Also probably worth noting that localstorage probably shouldn’t be used for sensitive information (like user passwords session identifies, etc) as it’s susceptible to xss attacks.
Good point, I'll make an update.
What do you think about firebase auth being in
localStorage
by default?Although can be set in cookies as well. I tried, but I failed...
Hmm ideally you don’t wanna be putting any sensitive data in local storage as its openly accessible via JS. What problems did you have with configuring your session via cookies?
csrfToken
from the server? Another HTTPS request, or just js-cookie? There is no form or template rendering here...Encryt both fields to jwt and set it in cookie-session.
May help a bit
dev.to/dpkahuja/learn-and-build-we...