DEV Community

Discussion on: Building Vue.js Client SPA Token-Based Authentication with Laravel Sanctum

gweinxx • Edited

(Based on my app)

You can verify the token owner by comparing IP address, browser version, device, custom cookies, etc.

  1. You need to track users here
  2. Token hasOne Login (IP address, device platform, browser name, browser version, etc.)
  3. If you still need to verify the user, add a password verification feature for worse scenarios like:
     • Token has not been used for (x) days
     • Tracker result doesn't match the token login's information (#2)
     • Token exists, but the custom cookie is expired / missing

With this feature, personally I can offer the user the ability to see what devices they are logged in on, log out from a specific device / all devices, etc.

If anyone got better idea, I would like to know and learn :D

  • Note: sorry for bad English
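
The checks listed in the comment above, written as plain PHP. This is an added example, not the commenter's code; the field names, the 14-day idle limit and the hashed-cookie scheme are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: field names, MAX_IDLE_DAYS and the cookie scheme are hypothetical.
const MAX_IDLE_DAYS = 14; // assumed value for "(x) days"

/**
 * Decide whether a token holder must re-enter their password.
 * $login   : fingerprint stored when the token was issued (item 2)
 * $current : fingerprint tracked on this request (item 1)
 * Returns a list of reasons; an empty list means the token is accepted as-is.
 */
function reverifyReasons(array $login, array $current, ?string $cookie, DateTimeImmutable $now): array
{
    $reasons = [];

    // Token has not been used for (x) days.
    $idle = $login['last_used_at']->diff($now)->days;
    if ($idle >= MAX_IDLE_DAYS) {
        $reasons[] = "idle for {$idle} days";
    }

    // Tracker result does not match the login information stored with the token.
    foreach (['ip', 'platform', 'browser', 'browser_version'] as $field) {
        if (($login[$field] ?? null) !== ($current[$field] ?? null)) {
            $reasons[] = "{$field} changed";
        }
    }

    // Token exists, but the custom cookie is missing or does not match.
    // Only a hash of the cookie value is stored; hash_equals compares in constant time.
    if ($cookie === null || !hash_equals($login['cookie_hash'], hash('sha256', $cookie))) {
        $reasons[] = 'custom cookie missing or invalid';
    }

    return $reasons;
}

// Constructed sample data (documentation IP ranges, made-up cookie value).
$now   = new DateTimeImmutable('2024-05-20 12:00:00');
$login = [
    'ip' => '203.0.113.10', 'platform' => 'Windows', 'browser' => 'Firefox',
    'browser_version' => '125.0', 'cookie_hash' => hash('sha256', 'device-secret-1'),
    'last_used_at' => new DateTimeImmutable('2024-05-19 09:00:00'),
];

$same  = reverifyReasons($login, $login, 'device-secret-1', $now);
$moved = reverifyReasons($login, ['ip' => '198.51.100.7'] + $login, null, $now);

echo $same === [] ? "accept\n" : "re-verify\n";
echo implode('; ', $moved), "\n";
```

IP addresses and browser versions also change for legitimate users (mobile networks, automatic updates), which is why a mismatch here leads to a password prompt rather than revoking the token outright.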