Wouldn't using sessionStorage be as secure as using variables to store access token? Both are available from JavaScript for the duration of single session.
Hi Jakub, yes they are both available from JavaScript for the duration of a single session. However, it might be easier for the attacker to just dump the contents of the session storage compared to trying to find the variable you used for the token.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Wouldn't using sessionStorage be as secure as using variables to store access token? Both are available from JavaScript for the duration of single session.
Hi Jakub, yes they are both available from JavaScript for the duration of a single session. However, it might be easier for the attacker to just dump the contents of the session storage compared to trying to find the variable you used for the token.