DEV Community 👩‍💻👨‍💻

Discussion on: LocalStorage vs Cookies: All You Need To Know About Storing JWT Tokens Securely in The Front-End

Will Adams

Surely the vulnerability here is that you have a site vulnerable to XSS, not the choice of where to store the token?

Putri Karunia

Hi Will, Putri here – Michelle's cofounder.

Yes, technically if your site is vulnerable to XSS, the attacker can do a lot of damage no matter where you store the token. The options above are intended to help in making it harder for the attacker to obtain the access token itself.