Great post! I noticed you store the token in localStorage, is this safe? I always thought this was an insecure way of storing sensitive data, seeing as the token is more or less the user's username/password combo?
Hi @moris14, it's really wrong storing sensitive data in localStorage. Meanwhile, I haven't seen any article on a better way to go about this, please share if you have any.
(Based on my app)
You can verify the token owner by comparing IP address, browser, version, device, custom cookies, etc.
With this feature, personally I can offer the user to see which devices they are logged in on, log out from a specific device / all devices, etc.
If anyone has a better idea, I would like to know and learn :D
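The context check and device list described in the last comment, as an added example that is not part of the thread or the commenter's app: a server-side session store in Node.js that binds each token to the client context it was issued to and revokes it on a mismatch. All function and field names are assumptions.

```javascript
// Added example; every name here is hypothetical, not from the post's app.
const { randomBytes, createHash, timingSafeEqual } = require("node:crypto");
const sessions = new Map(); // sha256(token) -> session record
const sha256 = (s) => createHash("sha256").update(s).digest();

// Digest of the client context the token was issued to. Strict IP matching
// logs out users whose address changes (mobile networks, VPNs).
function fingerprint(ctx) {
  return sha256([ctx.userAgent, ctx.ip, ctx.deviceCookie].join("\n"));
}

function issueToken(userId, ctx) {
  const token = randomBytes(32).toString("hex");
  sessions.set(sha256(token).toString("hex"), {
    id: randomBytes(8).toString("hex"), // handle shown in the device list
    userId, fp: fingerprint(ctx), device: ctx.userAgent, createdAt: Date.now(),
  });
  return token;
}

// Returns the userId, or null for an unknown token or a context mismatch.
function verifyToken(token, ctx) {
  const key = sha256(String(token)).toString("hex");
  const s = sessions.get(key);
  if (!s) return null;
  if (!timingSafeEqual(s.fp, fingerprint(ctx))) {
    sessions.delete(key); // same token from another context: revoke it
    return null;
  }
  return s.userId;
}

// "Which devices am I logged in on?" Never returns tokens or fingerprints.
function listDevices(userId) {
  return [...sessions.values()]
    .filter((s) => s.userId === userId)
    .map(({ id, device, createdAt }) => ({ id, device, createdAt }));
}

// Log out one device by its id, or every device when id is omitted.
function logout(userId, id) {
  let removed = 0;
  for (const [key, s] of sessions) {
    if (s.userId !== userId || (id !== undefined && s.id !== id)) continue;
    sessions.delete(key);
    removed++;
  }
  return removed;
}
```

A request handler would call `verifyToken` with the context of the current request on every call and treat `null` as logged out.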