Full Stack Engineer with a history of working in the computer software industry following global best practices in building scalable technology solutions. A graduate of Maths/Statistics.
The best way to store a JWT is in memory, while having an HTTP-only cookie containing the refresh token.
I've heard that many times, but how's the implementation?
Write an example just like Ogbonna Basil ;)
Thanks Belhassen. I will take a look at this method too.
Belhassen, when you say store the JWT in memory, are you talking about localStorage, or are you talking about something like Redux or React Context state?
In the application state (e.g. React state).
And when the user closes the browser? Of course, some applications (like banking) prefer to terminate the user's login, but in most applications we need to keep the user logged in after closing the browser and opening it next time.
The HTTP-only cookie for the refresh token stays, so you can always get the access token by accessing the refresh endpoint, which will give you a new access token and a new refresh token, so there is no need to log in again.
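The flow discussed in this thread, as an added example that is not part of any comment above: the access token lives in a page-local variable, the refresh token lives in an HttpOnly cookie, and the refresh endpoint rotates it. The server and browser here are in-process stand-ins; every name, the cookie attributes and the token values are assumptions made for the sketch.

```javascript
// Stand-in for the auth server. Token values are constructed counters;
// a real server issues signed JWTs and CSPRNG refresh tokens.
function createAuthServer() {
  const live = new Map(); // refresh token -> user
  let n = 0;
  const issue = (user) => {
    const refresh = `r${++n}`;
    live.set(refresh, user);
    return {
      status: 200,
      // The refresh token only ever travels in an HttpOnly cookie.
      setCookie: `refresh=${refresh}; HttpOnly; Secure; SameSite=Strict; Path=/refresh; Max-Age=604800`,
      body: { accessToken: `access-${user}-${n}` },
    };
  };
  return {
    login: (user) => issue(user),
    // Refresh endpoint: rotate, so every refresh token is single use.
    refresh(cookieHeader) {
      const m = /(?:^|;\s*)refresh=([^;]+)/.exec(cookieHeader || "");
      const user = m && live.get(m[1]);
      if (!user) return { status: 401 };
      live.delete(m[1]);
      return issue(user);
    },
  };
}

// Stand-in for the browser: the cookie jar outlives page loads and is
// invisible to page script; each page load starts with an empty JS heap.
function createBrowser(server) {
  let jar = "";
  const store = (res) => {
    if (res.setCookie) jar = res.setCookie.split(";")[0];
    return res;
  };
  return {
    loadPage() {
      let accessToken = null; // memory only, never localStorage
      return {
        login(user) { accessToken = store(server.login(user)).body.accessToken; },
        silentRefresh() {
          const res = store(server.refresh(jar));
          accessToken = res.status === 200 ? res.body.accessToken : null;
          return res.status;
        },
        authHeader: () => (accessToken ? `Bearer ${accessToken}` : null),
      };
    },
  };
}
```

In a real front end `silentRefresh` would be a `fetch` to the refresh endpoint with `credentials: "include"`, called once on application start and again shortly before the access token expires.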