Java
askar98, 2020-06-11 14:12:37

Questions about how the JWT refresh token works

Hello! I'm now working on security and have several questions about the refresh token for JWT. I implemented it like this:
1: When logging in, the user receives an access token in the form of JSON and passes it in the header each time, and I store the refresh token in an http-only cookie.
2: There is also a mapping to the /refreshtoken path, which refreshes both tokens.

Question: Why do I need to store the refresh token in cookies if I can also update it with an access token by accessing /refreshtoken, or do I need to check cookies when refreshing?
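
The flow described in the question, as an added example that is not part of the original post: login returns the access token in the response body and the refresh token in an http-only cookie, and `/refreshtoken` reads that cookie and replaces both tokens. The class, method and cookie names, the in-memory store, the opaque value standing in for the signed JWT, and the `Secure`, `SameSite` and `Path` attributes are assumptions; it needs Java 16 or later.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

// Added illustration; class, method and cookie names are hypothetical.
public class RefreshFlow {
    // body: JSON returned to the client script; setCookie: header carrying the refresh token
    record Tokens(String body, String setCookie) {}

    private final SecureRandom rng = new SecureRandom();
    // Server-side record of live refresh tokens -> user (stands in for a database table)
    private final Map<String, String> live = new ConcurrentHashMap<>();

    private String random() {
        byte[] b = new byte[32];
        rng.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    // Called at login and after every successful refresh.
    // An opaque random value stands in for the signed JWT access token.
    Tokens issue(String user) {
        String refresh = random();
        live.put(refresh, user);
        return new Tokens("{\"accessToken\":\"" + random() + "\"}",
                "refreshToken=" + refresh + "; HttpOnly; Secure; SameSite=Strict; Path=/refreshtoken");
    }

    // Handler logic for /refreshtoken: the refresh token is taken from the Cookie header only.
    Tokens refresh(String cookieHeader) {
        for (String part : (cookieHeader == null ? "" : cookieHeader).split(";")) {
            String[] kv = part.trim().split("=", 2);
            if (kv.length == 2 && kv[0].equals("refreshToken")) {
                String user = live.remove(kv[1]); // single use: the old token stops working here
                if (user == null) throw new SecurityException("unknown or reused refresh token");
                return issue(user);
            }
        }
        throw new SecurityException("no refresh cookie");
    }

    public static void main(String[] args) {
        RefreshFlow app = new RefreshFlow();
        // Constructed sample: the browser sends back only the name=value part of Set-Cookie
        String cookie = app.issue("alice").setCookie().split(";")[0];
        System.out.println(app.refresh(cookie).body());  // new access token; a new cookie is set too
        try { app.refresh(cookie); }                      // replay of the already rotated token
        catch (SecurityException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```

Because the cookie is `HttpOnly`, page scripts cannot read the refresh token, and with `Path=/refreshtoken` the browser attaches it only to requests for that endpoint.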


1 answer(s)
Ivan Shumov, 2020-06-11
@askar98

There is no need to store both of them in cookies. There is Local Storage.
