Belhassen, when you say store the JWT in memory, are you talking about localstorage, or are you talking about something like Redux or React Context state?
And when user close the browser? Of course, some applications (like banking) prefer to terminate user login, but on most applications, we need to keep user login after closing the browser and open it next time.
the http only cookie for the refresh token stays so you can always get the acces token accessing the refresh endpoint that will give you a new access and a new refresh token so no need to login again.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Belhassen, when you say store the JWT in memory, are you talking about localstorage, or are you talking about something like Redux or React Context state?
In the application state (eg: react state).
And when user close the browser? Of course, some applications (like banking) prefer to terminate user login, but on most applications, we need to keep user login after closing the browser and open it next time.
the http only cookie for the refresh token stays so you can always get the acces token accessing the refresh endpoint that will give you a new access and a new refresh token so no need to login again.