
re: How to securely store JWT tokens.


First off, great article! I've recently finished building an authentication system that works very similarly to the one you've described, but with one distinct difference: I store the JWT across two cookies.

One cookie contains just the JWT header and payload and can be accessed by JavaScript, the other contains the signature but is Secure + HttpOnly. This way I can access the payload on the client without worrying about having the entire token potentially compromised.

Authentication in SPA the right way by Jean-Cristophe Baey describes this approach in a bit more detail.


Thank you very much. That's a very clever approach!!! I will definitely try it in my next projects.
