re: LocalStorage vs Cookies: All You Need To Know About Storing JWT Tokens Securely in The Front-End


Surely the vulnerability here is that you have a site vulnerable to XSS, not the choice of where to store the token?


Hi Will, Putri here – Michelle's cofounder.

Yes, technically if your site is vulnerable to XSS, the attacker can do a lot of damage no matter where you store the token. The options above are intended to help in making it harder for the attacker to obtain the access token itself.
