re: Please Stop Using Local Storage


I disagree on the security concerns with LS and JWT. As others have said, you will have a much larger concern if an attacker can inject JS into your site. Proper use of JWT is implementing expiry and sensible authorization after one has authenticated.
Deferring to the Auth0 docs, they recommend LS or cookies for storage.


I'm very familiar with Auth0 and have a lot of friends there. That being said: they recommend incorrect things all the time.

Nobody is perfect, especially not security companies! We get things wrong all the time ^

  1. They do not recommend, they say you "can" use local***
  2. Right after that they say, you can use cookies too
  3. For both options they tell you what can go wrong
  4. For the local storage option, they mention XSS, exactly the thing this article is trying to educate us about