Hi Paschal, yes, this isn't best practice and I point that out at the beginning of the article. A combination of JWTs and refresh tokens is what I'll always advice.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Why set cookie within the client? Isn't this poor security practice?
Hi Paschal, yes, this isn't best practice and I point that out at the beginning of the article. A combination of JWTs and refresh tokens is what I'll always advice.