What is the best practice to store jwt token in client side?
Question
Is it safe to store jwt token in HttpSession? If it is not what is the best practice to store jwt token. So that it can be used for further usages in client.
public void setLoggedinUserInSession(HttpServletRequest httpServletRequest, String jwtToken){
HttpSession session = httpServletRequest.getSession(true);
session.setAttribute("token", jwtToken);
}
1 answers
solution1
0 2022-08-15 11:59:00
It's safe to store the jwt token in the http session. The jwt token itself should not contain any sensitive information since its contents are not encrypted but digitally signed
solution2
0 2022-08-16 14:43:36
Regarding your question - how to store JWT tokens on the client. Cookies are one of the ways to go. There are many small and big things to take care of, but they all are summarized by OWASP ASVS: https://github.com/OWASP/ASVS/blob/v4.0.3/4.0/en/0x12-V3-Session-management.md
One important thing: HTTP Session is not the way to go. Have a look how to handle cookies https://www.baeldung.com/java-servlet-cookies-session#1-create-a-cookie and do this instead.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.