The biggest question is how to save those JWTs in the frontend... Does Facebook also use localStorage, or do we have some good place to store tokens? If yes, are they cookies?
Hi G.V.S Akhil,
Coming to your question, if we store the token in LocalStorage then it will pose a problem, the reason being that, after it is stored inside LocalStorage, any malicious script can try to access it and tamper with it. As far as I have researched, it's stored in cookies only, but it is a special type of cookie which is known as an httpOnlyCookie. It is a special kind of cookie that's only sent via HTTP requests to the server, and any external malicious script in the browser cannot access it.
I hope that answers your question.
Can you post the code that's used to store it in an httpOnlyCookie? I tried a lot but couldn't find it.
I found one here, thanks: medium.com/@ryanchenkie_40935/reac...
Hi @G.V.S Akhil,
I have worked with JWT in my recent project, and if you talk about storing the token in an httpOnlyCookie in the context of code, then sorry, there is no line of code which clearly signifies that the token is stored in an httpOnlyCookie. I believe that the jwt package is doing all of the heavy lifting for us in the backend, and even though we are not able to see it in our code, it is surely being stored in an httpOnlyCookie.
I hope that answers your question.
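Added example, not part of the original thread and not code from any commenter or JWT library: `HttpOnly` is an attribute the server places on the `Set-Cookie` response header, and the sketch below builds that header, models which cookies page script can read, and reads the token back on the server. The cookie name `__Host-token`, the helper names and the sample token are assumptions constructed for illustration.

```javascript
// Constructed placeholder token (header.payload.signature shape), not a real JWT.
const SAMPLE_JWT = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl";

// Server side: build the Set-Cookie value that hands the token to the browser.
function buildTokenCookie(name, token, maxAgeSeconds) {
  // JWTs are base64url segments joined by dots; reject anything else so the
  // value cannot smuggle ';' or whitespace into the header.
  if (!/^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/.test(token)) {
    throw new Error("token is not in compact JWT form");
  }
  return [
    `${name}=${token}`,
    `Max-Age=${maxAgeSeconds}`,
    "Path=/",
    "HttpOnly",        // hidden from document.cookie and other script APIs
    "Secure",          // only sent over HTTPS
    "SameSite=Strict", // not attached to cross-site requests
  ].join("; ");
}

// Simplified model of what page script sees via document.cookie:
// every cookie except those flagged HttpOnly.
function scriptVisibleCookies(setCookieHeaders) {
  return setCookieHeaders
    .map((h) => h.split(";").map((part) => part.trim()))
    .filter((parts) => !parts.slice(1).some((a) => a.toLowerCase() === "httponly"))
    .map((parts) => parts[0])
    .join("; ");
}

// Server side on later requests: pull the token back out of the Cookie header.
function readTokenFromRequest(cookieHeader, name) {
  for (const pair of cookieHeader.split(";")) {
    const eq = pair.indexOf("=");
    if (eq > 0 && pair.slice(0, eq).trim() === name) return pair.slice(eq + 1).trim();
  }
  return null;
}

const tokenCookie = buildTokenCookie("__Host-token", SAMPLE_JWT, 900);
const themeCookie = "theme=dark; Path=/"; // constructed non-HttpOnly cookie
console.log(tokenCookie);
console.log("script sees:", scriptVisibleCookies([tokenCookie, themeCookie]));
console.log("server reads:", readTokenFromRequest(`theme=dark; __Host-token=${SAMPLE_JWT}`, "__Host-token"));
```

The browser attaches the cookie to matching requests on its own, so the frontend never stores or reads the token; state-changing endpoints still need CSRF protection, which `SameSite=Strict` only partly provides.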