So, what do I need help with? -- this -- auth0-spa-js with backend -- in aloud-comments. I am not sure if I could use cookies without my own backend, such as Now.sh or Netlify?
I also know that cookies can be edited on the user side as well, which is made easy by js-cookie.
- Not sure if even HTTPS cookies are secure, but it should be more secure than localStorage.
- Can it be intercepted and edited, just like HTTP?
- Cookies have expiry date. I love that.
About localStorage
- Can I use localStorage to save tokens for SPA? Will it be any better if I use cookies?
As an end-user...
- Should I block cookie requests on most websites? What will happen if I block cookies on all websites? And vice versa?
Top comments (2)
As far as I know, the cookie cannot be edited by capturing the http package; the content is in your browser, as it is with localstorage. The thing I can do is steal a cookie: if the server config only trusts the cookie id to retrieve the session, I can collide the cookie and start navigating as if I were you. In principle, localstorage is as safe as the hypervisor of the browser, pretty good I think. I love serverless so I don't use cookies anymore in my projects; tokens in localstorage and/or sessionstorage are fine.
dev.to/spukas/authentication-cooki...