I have created a JWT using PHP following this tutorial. This is fine and as long as the token has not expired I can view other pages on the server.
I have a scenario like this:
login page, creates a JWT token on successful authentication.
View posts page, this retrieves posts from the server by passing the JWT.
I wondered how I can also protect this view posts page from direct access without having to create local sessions. As it stands view posts page can be accessed but nothing will be shown if there isn't a JWT token passed.
Normally the flow is to create a session locally on successful login and maintain the state like, just wondering if there is a way to see use the JWT token locally as well. Hope that makes sense. And if there any security considerations I should make.
Cheers
Top comments (0)