I saw the comments by Yasser-Massoud and Muco Rolle Tesor but neither explains why they think httpOnly cookies are a better storage option for a JWT.
As it is important to understand the reasoning behind your decision, I did some googling and found this really good explanation: stormpath.com/blog/where-to-store-...
It's better to store JWT in the cookie storage httpOnly and secure.
So that you can scope it inside the domain, expire it in a few minutes and transport it by SSL.
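The cookie settings named in the comment above, as an added example that is not part of either comment or the linked article: it builds a `Set-Cookie` value with those attributes and audits a header for the ones that are missing. The cookie name `token`, the 15-minute ceiling and the `example.com` hosts are assumptions.

```javascript
// Added example, not code from the thread. Names and limits are assumptions.
const MAX_LIFETIME_SECONDS = 15 * 60; // assumed ceiling for "a few minutes"

// Build a Set-Cookie value for the JWT. Omitting Domain keeps the cookie host-only.
function buildJwtCookie(token, { domain, maxAge = 300 } = {}) {
  const parts = [`token=${encodeURIComponent(token)}`, 'Path=/',
    `Max-Age=${maxAge}`, 'HttpOnly', 'Secure'];
  if (domain) parts.push(`Domain=${domain}`);
  return parts.join('; ');
}

// Parse one Set-Cookie value and list which of those protections are absent.
function auditSetCookie(header, expectedDomain) {
  const [pair, ...attrs] = header.split(';').map((s) => s.trim()).filter(Boolean);
  const flags = new Map();
  for (const a of attrs) {
    const i = a.indexOf('=');
    // Attribute names are case-insensitive; valueless flags are stored as ''.
    flags.set((i === -1 ? a : a.slice(0, i)).toLowerCase(), i === -1 ? '' : a.slice(i + 1));
  }
  const findings = [];
  if (!flags.has('httponly')) findings.push('missing HttpOnly: page scripts can read the token');
  if (!flags.has('secure')) findings.push('missing Secure: cookie may be sent over plain HTTP');
  if (!flags.has('max-age') && !flags.has('expires')) {
    findings.push('no Max-Age/Expires: cookie has no fixed lifetime');
  } else if (flags.has('max-age')) {
    const maxAge = Number(flags.get('max-age'));
    if (!(maxAge > 0 && maxAge <= MAX_LIFETIME_SECONDS)) {
      findings.push(`Max-Age=${flags.get('max-age')} is outside 1..${MAX_LIFETIME_SECONDS}s`);
    }
  }
  const domain = flags.get('domain');
  if (domain && expectedDomain &&
      domain.replace(/^\./, '').toLowerCase() !== expectedDomain.toLowerCase()) {
    findings.push(`Domain=${domain} does not match ${expectedDomain}`);
  }
  return { name: pair.split('=')[0], findings };
}

// Constructed sample headers (not captured from any real site).
const WEAK_HEADER = 'token=abc.def.ghi; Path=/; Domain=.example.com; Max-Age=2592000';
const GOOD_HEADER = buildJwtCookie('abc.def.ghi', { domain: 'app.example.com' });

console.log(auditSetCookie(WEAK_HEADER, 'app.example.com').findings);
console.log(auditSetCookie(GOOD_HEADER, 'app.example.com').findings);
```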