DEV Community

Discussion on: Everything about JWT(JSON Web Tokens) and why it is more powerful than the traditional Session Management ?

Deepanshu Arora • Edited

Hi G.V.S Akhil,

Coming to your question, if we store the token in LocalStorage, it will pose a problem: once it is stored inside LocalStorage, any malicious script can try to access it and tamper with it. As far as I have researched, it's stored in cookies only, but it is a special type of cookie which is known as an httpOnlyCookie. It is a special kind of cookie that's only sent via HTTP requests to the server, and any external malicious script in the browser cannot access it.

I hope that answers your question.

G.V.S Akhil

Can you post the code that's used to store it in a httpOnlyCookie? I tried a lot but couldn't find it.

G.V.S Akhil

I found one here, thanks: medium.com/@ryanchenkie_40935/reac...

Deepanshu Arora

Hi @G.V.S Akhil,

I have worked with JWT in my recent project, and if you talk about storing the token in a httpOnlyCookie in the context of code, then sorry, there is no line of code that clearly signifies that the token is stored in a httpOnlyCookie. I believe that the jwt package is doing all of the heavy lifting for us in the backend, and even though we are not able to see it in our code, it is surely being stored in a httpOnlyCookie.
I hope that answers your question.
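
On the question of what code stores a token in an HttpOnly cookie: the attribute is set by the server in the `Set-Cookie` response header. The sketch below is an added example, not code from this thread or from any JWT package; the cookie name `access_token`, the 900-second lifetime and the helper names are assumptions.

```javascript
// Added example. Helper names, cookie name and lifetime are hypothetical.

// A JWT in compact form is three base64url segments joined by dots,
// so every character is already legal inside a cookie value.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$/;

// Build the Set-Cookie header value that keeps the token away from page scripts.
function buildTokenCookie(token, maxAgeSeconds) {
  if (!JWT_SHAPE.test(token)) throw new Error('token is not in JWT compact form');
  if (!Number.isInteger(maxAgeSeconds) || maxAgeSeconds <= 0) {
    throw new Error('Max-Age must be a positive integer');
  }
  return [
    `access_token=${token}`,
    'HttpOnly',         // not exposed through document.cookie
    'Secure',           // only sent over HTTPS
    'SameSite=Strict',  // not attached to cross-site requests
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
  ].join('; ');
}

// Server side: `res` is Node's http.ServerResponse (Express's res extends it).
function issueTokenCookie(res, token) {
  res.setHeader('Set-Cookie', buildTokenCookie(token, 900));
}

// Review helper: list the protective attributes a Set-Cookie value lacks.
function auditSetCookie(headerValue) {
  const attrs = headerValue.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const missing = [];
  if (!attrs.includes('httponly')) missing.push('HttpOnly');
  if (!attrs.includes('secure')) missing.push('Secure');
  if (!attrs.some((a) => a.startsWith('samesite='))) missing.push('SameSite');
  return missing;
}

// Constructed sample token for the example (not a real credential).
const SAMPLE_TOKEN = 'eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJkZW1vIn0.c2lnbmF0dXJl';
```

Running `auditSetCookie` over the `Set-Cookie` value seen in the browser's network tab after login shows whether the token cookie is actually protected from script access.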