I like this article; it is really informative and it gives me insights. But is there a way to secure the token in local storage, so that instead of using cookies we can use local storage?
Yes, local storage is public, and people like us are able to see it and maybe try to edit the token, or copy the token and use it. I understand that.
But what if we try to make it secure?
ex:
token=jksdf2342jhc238740c29384htlsdgs8d70g9s848tuspirDFOdfGdgPOuoUS)(08)(}{[]dfglskldkfjg90450345
I created a function of my own that generates this encrypted token, which is saved in the client's browser. This token consists of the client's ID, IP, the token's expiration, and a secret key.
Every time the user logs in or uses sensitive API functions like edit and delete, the token is checked first.
I made my own function to generate a token and a function that checks the token, so that if this token is used from a different IP address it will not sign in, or if the token has expired, the person using this token will not sign in. The users have to log in again to generate a new token.
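To make the scheme above concrete from the server's side, here is an added example (my own code, not the commenter's implementation and not from the article) of a token carrying the user ID, the client IP and an expiry, with a server-side check that rejects the token when it is used from another IP or after it expires. One design choice differs from the description: the secret is used as an HMAC key that never leaves the server, rather than being placed inside the token, so a client that edits the payload cannot produce a valid signature. The secret value, user IDs, IPs and timestamps are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import time

# Hypothetical server-side key; in a real deployment load it from a secret store.
# It is never written into the token, only used to sign and verify it.
SERVER_SECRET = b"example-secret-change-me"


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id, client_ip, ttl_seconds, now=None, secret=SERVER_SECRET):
    """Build '<payload>.<signature>' with uid, ip and exp; server keeps the key."""
    now = int(time.time()) if now is None else now
    payload = {"uid": user_id, "ip": client_ip, "exp": now + ttl_seconds}
    body = _b64e(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(secret, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64e(sig)}"


def verify_token(token, client_ip, now=None, secret=SERVER_SECRET):
    """Return (ok, reason, payload). Called before login or any edit/delete API."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(secret, body.encode(), hashlib.sha256).digest()
        # Constant-time compare: a modified payload or signature fails here.
        if not hmac.compare_digest(_b64d(sig), expected):
            return False, "bad-signature", None
        payload = json.loads(_b64d(body))
        exp, ip = int(payload["exp"]), payload["ip"]
    except (ValueError, KeyError, TypeError, AttributeError):
        return False, "malformed", None
    if now >= exp:
        return False, "expired", payload
    if ip != client_ip:
        return False, "ip-mismatch", payload
    return True, "ok", payload


def demo():
    """Exercise the checks with a fixed clock so results are deterministic."""
    t0 = 1_700_000_000  # constructed timestamp
    tok = issue_token("user-42", "203.0.113.5", 3600, now=t0)
    results = {
        "valid": verify_token(tok, "203.0.113.5", now=t0 + 10)[1],
        "other_ip": verify_token(tok, "198.51.100.9", now=t0 + 10)[1],
        "expired": verify_token(tok, "203.0.113.5", now=t0 + 3600)[1],
    }
    # A payload rewritten in the browser keeps the old signature and is rejected.
    _, sig = tok.split(".", 1)
    edited = {"uid": "user-1", "ip": "203.0.113.5", "exp": t0 + 3600}
    edited_body = _b64e(json.dumps(edited, separators=(",", ":"), sort_keys=True).encode())
    results["edited_payload"] = verify_token(f"{edited_body}.{sig}", "203.0.113.5", now=t0 + 10)[1]
    return results


if __name__ == "__main__":
    print(demo())
```

Two caveats worth keeping in mind when deploying a check like this: the IP comparison blocks replay from another network location, but a script injected into the page (the XSS case the article discusses) runs in the victim's own browser and so passes the IP check, which is why the signature and short expiry matter as much as the IP binding; and users on mobile networks or behind load-balanced NAT legitimately change IP mid-session, so expect the `ip-mismatch` branch to force re-logins for them.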