Discussion on: Please Stop Using Local Storage

thechrisjasper profile image
Chris Jasper

I disagree on the security concerns with LS and JWT. As others have said, you will have a much larger concern if an attacker can inject JS into your site. Proper use of JWT is implementing expirary and sensible authorization after one has authenticated.
Deferring to the Auth0 docs, they recommend LS or cookies for storage.

suhas_chatekar profile image
Suhas Chatekar
  1. They do not recommend, they say you "can" use local***
  2. Right after that they say, you can use cookies too
  3. For both options they tell you what can go wrong
  4. For the local storage option, they mention XSS, exactly the thing this article is trying to educate us about
rdegges profile image
Randall Degges Author

I'm very familiar with Auth0 and have a lot of friends there. That being said: the recommend incorrect things all the time.

Nobody is perfect, especially not security companies! We get things wrong all the time ^

kpollich profile image
Kyle Pollich

Deferring to Auth0 is a great call here.