I'm pretty new to JWTs and have been researching this issue a bit - the only OWASP recommendation I could find is to keep JWTs in local session storage and use a fingerprint cookie to prevent sidejacking? owasp.org/index.php/JSON_Web_Token...
Not sure if the link above is current, updated, outdated or what. I've also looked at some identity providers like Okta and Auth0 and all of their docs show using local storage for JWTs, but then there are blog posts (a few years old) from employees kind of arguing the opposite (even one who seemed to have done his research on stackoverflow!) - there seems to be so much conflicting information.
Sorry to renew a zombie thread!