DEV Community

loading...

Discussion on: The Ultimate Guide to JWT client side auth (Stop using local storage!!!)

daniguardiola profile image
Dani Guardiola_

This post is misinformed. The only thing that had to change about the situation is to stop being vulnerable to XSS. As long as there's a token, it can be stolen, no matter how many steps it takes from having the token to using it to access the account. Making those tokens short-lived is a good practice but doesn't change the facts.

I'm with you brother.