Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT with cookie #81

Open
u-can-miracle opened this issue Dec 8, 2017 · 2 comments
Open

JWT with cookie #81

u-can-miracle opened this issue Dec 8, 2017 · 2 comments

Comments

@u-can-miracle
Copy link

u-can-miracle commented Dec 8, 2017
edited
Loading

Hi. I send jwt by cookies with enabled httpOnly flag so user can't set them from browser.
As I saw before you recomend use localStorage for this case. but some one can stole jwt from localStorage
In my case I have ease access to jwt from server and any access from browser as I see it's more secure.
So, why you recommend to use localStorage?
@u-can-miracle u-can-miracle changed the title JWT with cookie JWT with cookie Label: question Dec 8, 2017
@u-can-miracle u-can-miracle changed the title JWT with cookie Label: question JWT with cookie Dec 8, 2017
@Teebo
Copy link

Teebo commented Dec 8, 2017

The only advantage of using a cookie is the one you've mentioned, because I am using localStorage I make sure that the jwt expires in a short period and I do not put sensitive data with the jwt

@jschr
Copy link

jschr commented Dec 8, 2017

Another advantage to storing the JWT in a cookie is if you need server-side rendering with an auth context.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jschr @u-can-miracle @Teebo