I have a client that, once authenticated, stores a JWT in localStorage. If a user closes the browser, and once again navigates to the site, the client first checks for the JWT in localStorage, and if present, redirects via:
window.location.href = `/?jwt=${token}`
This works fine except I'm not a fan of the user experience. The user visits a page, is shown a login page, and then it abruptly redirects to a new page.
I have played around with hiding /auth/login's UI if a JWT token is found, but it's still not great.
What are some better ways to handle the case where a user has left a site, comes back and should be logged in?
Is there a way for a user to return to a site after having closed their browser, and immediately be shown as logged in using JWTs?
This post does a great job of answering the question:
https://dev.to/rtfeldman/defense-against-the-dark-arts-csrf-attacks