
Authentication using JWT token session storage vs local storage which authentication is secure and how

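How tokens are stored in local storage and session storage, how tokens are generated, and which one is secure for admin user authentication in an Angular application. Angular authentication using token storage is as secure as session storage in the browser or application.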

Local storage is a new feature of HTML5 that basically allows you (a web developer) to store any information you want in your user’s browser using JavaScript. 
In practice, local storage is just one big old JavaScript object that you can attach data to (or remove data from). 
Example:
// Considering it as an object
localStorage.userName = "highskillzz";
//or this way!
localStorage.setItem("objects", "0");

// Once data is in localStorage, it'll stay there forever until it
// is removed explicitly
console.log(localStorage.userName + " has " + localStorage.objects + " number of objects.");

// Removing data from local storage is also pretty easy. Uncomment 
// below lines
//localStorage.removeItem("userName");
//localStorage.removeItem("objects");

It was designed to be a simple string-only key/value store that developers could use to build slightly more complex single page apps. That’s it.

In my understanding of JWT, local/session storage, and your question, using session storage to have JWT stored would be ideal as session storage is separate for each browser tab. It's just easier for a developer to manage tokens this way.

In terms of security, both local and session storage should be okay given that JWT is ephemeral.
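
The second answer leans on the JWT being short-lived. As an added example (not from either answer), this JavaScript reads a token from either storage and discards it once its `exp` claim has passed. `TOKEN_KEY`, the helper names and the sample token are assumptions constructed here; decoding on the client does not verify the signature, which remains the server's job.

```javascript
// Added example: none of these names come from the original post.
const TOKEN_KEY = "access_token"; // hypothetical storage key

// Decode a JWT payload WITHOUT verifying its signature. This is only good
// for reading `exp`; the server must still verify every token it receives.
function decodeJwtPayload(token) {
  const parts = typeof token === "string" ? token.split(".") : [];
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
    const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
    return JSON.parse(new TextDecoder().decode(bytes));
  } catch {
    return null; // malformed base64 or JSON
  }
}

// Seconds until expiry; 0 when expired, malformed, or missing `exp`.
function secondsLeft(token, nowMs = Date.now()) {
  const payload = decodeJwtPayload(token);
  if (!payload || typeof payload.exp !== "number") return 0;
  return Math.max(0, payload.exp - Math.floor(nowMs / 1000));
}

// Read the token from a Storage-like object (sessionStorage or localStorage);
// remove it if it is expired or unparseable so stale tokens do not linger.
function readToken(storage, nowMs = Date.now()) {
  const token = storage.getItem(TOKEN_KEY);
  if (token === null) return null;
  if (secondsLeft(token, nowMs) === 0) {
    storage.removeItem(TOKEN_KEY);
    return null;
  }
  return token;
}

// --- constructed helpers so the block also runs outside a browser ---
function makeMemoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}
function makeSampleJwt(payload) { // unsigned, constructed sample token
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc(payload)}.constructed-signature`;
}
```

In a browser, pass `sessionStorage` or `localStorage` as the `storage` argument; the expiry check behaves the same for both.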
