DEV Community

loading...

Discussion on: The Ultimate Guide to JWT client side auth (Stop using local storage!!!)

Collapse
mbarzeev profile image
Matti Bar-Zeev

I wonder - why won't you persist this JWT on a http-only cookie? given that you have the means to include this cookie for all subdomains and if another domain requires it, go ahead and set a cookie for it as well, after all it is your site's users sessions.