DEV Community

Discussion on: Should save access token in local storage?

Joshua Johnson

Hey Ronald,

I wouldn't go about storing tokens in Local Storage. Instead, you will want to look into storing the token as an encrypted cookie, both encrypted and decrypted by your PHP application.

So once a user authenticates, send a Set-Cookie header back with the successful authentication. This cookie will be an encrypted JSON object that will include an accessToken. So any request made back to the PHP application will send that cookie. If that cookie is present, have the PHP application attempt to decrypt it. If successful, then use that token to validate the user.

DO NOT USE LOCAL STORAGE, as that tends to stay around forever.
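The flow described in the comment above, as an added example that is not part of the original comment or the commenter's own code. It assumes PHP 7.3+ with the sodium extension; the cookie name `session`, the helper names `sealToken` and `openToken`, the one-hour lifetime, the `exp` field and the cookie attributes are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumption: in production the 32-byte key is loaded from server-side config.
// It is generated here only so the example runs on its own.
$key = sodium_crypto_secretbox_keygen();

/** Encrypt a JSON object holding the access token and an expiry timestamp. */
function sealToken(string $accessToken, int $ttl, string $key): string
{
    $json  = json_encode(['accessToken' => $accessToken, 'exp' => time() + $ttl], JSON_THROW_ON_ERROR);
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $box   = sodium_crypto_secretbox($json, $nonce, $key); // authenticated encryption
    return sodium_bin2base64($nonce . $box, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

/** Return the access token, or null if the cookie is malformed, altered or expired. */
function openToken(string $cookie, string $key): ?string
{
    try {
        $raw = sodium_base642bin($cookie, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null; // not valid base64
    }
    if (strlen($raw) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null; // too short to hold a nonce and an authentication tag
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $json  = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($json === false) {
        return null; // authentication tag did not verify
    }
    $data = json_decode($json, true);
    if (!is_array($data) || !is_string($data['accessToken'] ?? null) || ($data['exp'] ?? 0) < time()) {
        return null; // wrong shape or past its expiry
    }
    return $data['accessToken'];
}

// After a successful login (constructed token value):
$cookie = sealToken('example-access-token', 3600, $key);
setcookie('session', $cookie, ['expires' => time() + 3600, 'path' => '/',
    'secure' => true, 'httponly' => true, 'samesite' => 'Strict']);

// On a later request the value would come from $_COOKIE['session'].
var_dump(openToken($cookie, $key));       // cookie as issued
var_dump(openToken($cookie . 'A', $key)); // cookie altered in transit
```

Keeping the expiry inside the encrypted payload means the server rejects a stale cookie even if the browser keeps it past its `expires` time.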

Ronald

Thank you! I will try the cookie approach!