DEV Community

Discussion on: Demystifying JWT: How to secure your next web app

KyleReemaN

Please be aware of XSS if you save the token in localStorage, and of CSRF if you save the token in cookies, even with the HttpOnly and Secure flags. See the SameSite attribute (Lax/Strict).