Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
E
E
Evgeny Zalivadny2022-01-27 19:49:13
JSON Web Token
Evgeny Zalivadny, 2022-01-27 19:49:13

Is it safe to store the token in the browser's Session Storage?

Is it safe to store JWT Token in Session Storage and not HttpOnly Cookie?

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
D
Dmitry Belyaev, 2022-01-27
@Nordihan

The HttpOnly Cookie is available only to the server that is accessible by the domain that is registered in this cookie and no one else.
Storage is available to any script on the page. Accordingly, the contents of Storage can steal any script connected from the outside.

Similar questions
S
Seva2017-08-03 13:59:25
DOMDocument and insertbefore? 2Reply
N
nepster-web2017-02-10 15:08:30
How to generate a unique key for JWT if it is not recommended to store it in the database? 1Reply
D
dsvsdv2017-04-06 11:01:10
Why do you need a jwt strategy? 1Reply
L
Larisa .•º2019-09-27 22:12:27
How to return a callback to the client? 1Reply
A
animr2019-10-22 13:34:04
Why doesn't the jwt class see the file in the same folder? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question