Very helpful. Would you recommend storing the access token within the Redux store, or SessionStorage? To me, these 2 methods are the same in terms of security.
Agree. Those are good methods.
That's correct.
As far as I know, if you're rolling your own authentication, a session token in an HttpOnly cookie should suffice.
The main reason to separate the access and refresh token is in cases where you need access to the token on the client side, e.g. to make requests from an iFrame or in situations where you don't have access to the cookies.
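
An added example, not code from the thread or from any commenter: a sketch of the server side of the HttpOnly session cookie discussed above, where the browser's JavaScript never handles the token, unlike a token kept in the Redux store or SessionStorage. The function names, the `sid` cookie name, the in-memory `Map` store and the 30-minute lifetime are all assumptions.

```javascript
// Added illustration; issueSession, authenticate and the "sid" cookie are hypothetical names.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const SESSION_TTL_MS = 30 * 60 * 1000; // assumed 30-minute session lifetime

// Create a server-side session and return the Set-Cookie header value.
function issueSession(store, userId, now = Date.now()) {
  const bytes = webcrypto.getRandomValues(new Uint8Array(32));
  const sid = Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
  store.set(sid, { userId, expires: now + SESSION_TTL_MS });
  // HttpOnly: not readable via document.cookie; Secure: HTTPS only;
  // SameSite=Lax: not sent on cross-site subrequests or cross-site POSTs.
  return `sid=${sid}; Max-Age=${SESSION_TTL_MS / 1000}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Resolve the Cookie request header to a user id, or null if absent, unknown or expired.
function authenticate(store, cookieHeader, now = Date.now()) {
  const pair = (cookieHeader || '')
    .split(';')
    .map((p) => p.trim())
    .find((p) => p.startsWith('sid='));
  if (!pair) return null;
  const sid = pair.slice('sid='.length);
  const session = store.get(sid);
  if (!session) return null;
  if (session.expires <= now) {
    store.delete(sid); // expired sessions are removed on first use
    return null;
  }
  return session.userId;
}

// What the browser sends back: only the name=value part of Set-Cookie.
function cookieFromSetCookie(setCookie) {
  return setCookie.split(';')[0];
}
```

The session id is opaque and only meaningful to the server-side store, so revoking a session is a `store.delete` rather than waiting for a token to expire.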