DEV Community

Discussion on: Please Stop Using Local Storage

Jenuel Oras Ganawed

I like this article; it is really informative and it gives me insights. But is there a way to secure the token in local storage, so that instead of using cookies, we can use local storage?

Yes, local storage is public, and people like us are able to see the token and maybe try to edit it, or copy the token and use it. I understand that.

But what if we try to make it secure?

ex:
token=jksdf2342jhc238740c29384htlsdgs8d70g9s848tuspirDFOdfGdgPOuoUS)(08)(}{[]dfglskldkfjg90450345

I created a function of my own that generates this encryption, which will be saved in the client's browser. This token consists of the client's ID, IP, expiration of the token, and a secret key.

Every time the user logs in or uses sensitive API functions like edit and delete, the token is checked first.

I made my own function to generate a token and a function that checks the token, so that if this token is used from a different IP address it will not sign in. Or, if the token has expired, the person using this token will not be signed in. The users have to log in again to generate a new token.
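
The scheme described in the comment above, sketched as an added example that is not the commenter's code: it uses a standard HMAC-SHA256 signature in place of a home-made function. The names `issueToken`, `verifyToken`, `SECRET` and the fields `uid`, `ip`, `exp` are assumptions, and the key and addresses are constructed for the demo.

```javascript
// Added example: server-side issue/verify of a token bound to user ID, IP and expiry.
const crypto = require("crypto");

// Constructed demo key; a real deployment loads it from server-side secret storage.
const SECRET = Buffer.from("constructed-demo-key-do-not-reuse");

const b64u = (data) => Buffer.from(data).toString("base64url");

// HMAC-SHA256 over the encoded payload; only the server can compute this.
function sign(payloadB64) {
  return crypto.createHmac("sha256", SECRET).update(payloadB64).digest();
}

// Hypothetical helper: the secret key signs the claims, it is never placed in the token.
function issueToken(uid, ip, ttlSeconds, now = Date.now()) {
  const payload = b64u(JSON.stringify({ uid, ip, exp: now + ttlSeconds * 1000 }));
  return `${payload}.${b64u(sign(payload))}`;
}

// Hypothetical helper: run before login-protected or sensitive API calls (edit, delete).
function verifyToken(token, requestIp, now = Date.now()) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return { ok: false, reason: "malformed" };
  const [payload, mac] = parts;
  const expected = sign(payload);
  const given = Buffer.from(mac, "base64url");
  // Check the signature before parsing; timingSafeEqual requires equal lengths.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  if (now >= claims.exp) return { ok: false, reason: "expired" };
  if (claims.ip !== requestIp) return { ok: false, reason: "ip-mismatch" };
  return { ok: true, uid: claims.uid };
}
```

A valid signature shows the token was not edited, but a token copied out of local storage still verifies from the same IP address until it expires.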