DEV Community


Discussion on: How to securely store JWT tokens.

George Koniaris Author

If your frontend is on the same domain as your API (or a first-level subdomain), the cookie should be automatically sent through Ajax requests. For example, if your web application is hosted on and your API is hosted on, the cookie will be sent in every Ajax request automatically. Of course, you should make your API fetch the cookie in the backend, and verify the token. In case you need to access the payload of the JWT token, that's not possible with HttpOnly cookies. You should make an extra request to your API, something like a /me endpoint, and save the data in a JavaScript variable.
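
The backend side of the flow described in the comment above, as an added example that is not part of the original discussion or the author's code: the API sets the JWT in an HttpOnly cookie, reads it back from the `Cookie` header, verifies it, and exposes the payload through a `/me` handler. The cookie name, the secret, the claim names and the hand-rolled HS256 routines (Python standard library only, used so the block runs offline) are assumptions.

```python
import base64, hashlib, hmac, json, time
from http.cookies import SimpleCookie

SECRET = b"constructed-demo-secret"  # assumption: HS256 key, demo value only
COOKIE_NAME = "access_token"         # hypothetical cookie name

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input):
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(claims):
    head = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    return f"{head}.{body}.{b64url(sign(f'{head}.{body}'))}"

def login_set_cookie(token):
    """Set-Cookie header value the API returns after a successful login."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = token
    jar[COOKIE_NAME]["httponly"] = True   # hidden from page scripts
    jar[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
    jar[COOKIE_NAME]["samesite"] = "Lax"
    jar[COOKIE_NAME]["path"] = "/"
    return jar[COOKIE_NAME].OutputString()

def verify_token(token):
    """Return the claims of a valid, unexpired HS256 token, else None."""
    try:
        head, body, sig = token.split(".")
        ok = json.loads(b64url_decode(head)).get("alg") == "HS256"
        ok = ok and hmac.compare_digest(sign(f"{head}.{body}"), b64url_decode(sig))
        claims = json.loads(b64url_decode(body))
        return claims if ok and claims["exp"] > time.time() else None
    except (ValueError, TypeError, AttributeError, KeyError):
        return None  # malformed token, bad base64/JSON, or missing exp

def handle_me(cookie_header):
    """GET /me: take the token from the Cookie header and return its payload."""
    morsel = SimpleCookie(cookie_header or "").get(COOKIE_NAME)
    claims = verify_token(morsel.value) if morsel else None
    if claims is None:
        return 401, {"error": "unauthenticated"}
    return 200, {"sub": claims.get("sub"), "name": claims.get("name")}
```

The frontend calls `/me` once after page load and keeps the returned JSON in a variable; the token itself never becomes readable from page scripts.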

kevinhch

Oh :O thnxs a lot, finally a good post to solve my problem!!