DEV Community


Discussion on: How to securely store JWT tokens.

charlesgiroux profile image
Charles-Antoine Giroux

I use this.

Header + Payload are stored in LocalStorage and sent in a header with fetch.
Signature is in a cookie with HttpOnly.

The server stitches the header with the cookie and then validates the JWT. This works well in IE 11 which does not support SameSite cookies.