Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
E
E
Evgeny Zalivadny2022-01-27 19:49:13
JSON Web Token
Evgeny Zalivadny, 2022-01-27 19:49:13

Is it safe to store the token in the browser's Session Storage?

Is it safe to store JWT Token in Session Storage and not HttpOnly Cookie?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dmitry Belyaev, 2022-01-27
@Nordihan

The HttpOnly Cookie is available only to the server that is accessible by the domain that is registered in this cookie and no one else.
Storage is available to any script on the page. Accordingly, the contents of Storage can steal any script connected from the outside.

Similar questions
D
dron1122021-09-17 11:11:00
Why do I need to renew refreshToken every month? 1Reply
K
keyotor2021-09-18 17:27:48
How long to live for an authorization cookie? 0Reply
W
ward_ua2021-10-03 23:00:46
Why does a JWT include an open payload? 1Reply
I
Igor2019-10-10 16:36:25
Is there subline text on android? 1Reply
D
Denis Kuznetsov2021-10-15 00:16:30
How to send a request with a token to a secure keycloak service? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question