stackoom
  简体   繁体   中英

is storing JWT token in local storage safe?

 原文  2021-03-11 10:41:42       angular/ laravel/ jwt

Question

I m creating a web app, basically an Admin control panel, using Angular and Laravel and used JWT to secure my apis. My question is - if jwt token stores in local storage which is being used to authenticate all my api request, what if someone copy jwt token from local storage, and use it for api requests separately from the app? Then how is it secure? and what is the way secure it?

1 answers

solution1
 1  2022-03-21 10:53:49

It is not safe to save tokens in local or session storage. Those storages are vulnerable on XSS attacks. A good practise is to keep them in memory (as a variable) or as a http only cookie..

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Set Jwt Token in Local Storage - Angular Facing issue of storing the token in local storage in angular, particularly in login component Authentication using JWT token session storage vs local storage which authentication is secure and how if I store access token (JWT) in my local storage of angular project what is wrong in it? Cannot set Headers because interceptor intercept request before storing the token in local storage Angular 8 TypeScript HttpInterCepter in ionic 3 + ionic storage jwt token Angular 2 + local storage + JWT for IE9+? Ionic 2 app does not get JWT token from storage How to use angular jwt to intercept token with ionic storage? Angular - store Token in Local Storage inject
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM