re: How I Fixed JWT Security Flaws in 3 Steps

re: Keeping JWT token in localStorage is fine. The only concern is XSS which should be avoided at all cost. Once your site is vulnerable to XSS you got...

It can be "ok" and acceptable in some cases, but definitely not the best practice from a security standpoint.

A good analogy here would be our house. We need to secure doors and windows against unauthorized access. If a malicious actor gets in, we've got big problems, yes. But that doesn't mean we shouldn't hide our valuables. We may still store jewelry, money and other valuables in a safe. That practice can mitigate the losses in case someone breaks into the house.

