What happens if a JWT token is stolen?
Hello! I heard that if the token is stolen, it can somehow be used, but how can you tell if it has been stolen? After all, the token is usually stored in cookies (or somewhere else), then anyone can copy this token and somehow use it. Or did I not understand something? Thanks for the answers.
If the tokens are in localStorage, then in theory they can be stolen through a malicious browser extension. A fictitious crook sells you an extension, then it steals tokens from storage, the scammer inserts these tokens into his storage and enters your site. If the tokens are in cookies, then the link is .
Well, this is provided that the backend does not check at all who uses and used tokens, that the cookies are not HTTPS, that someone really wants to get access to your account, and that in general there is not much protection on the backend.
Here is another useful link: https://habr.com/en/post/502702/
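The answers above point out that a copied token works only when the backend does not check who is using it. One way to add such a check, shown as an added example that is not part of the original answers: the JWT carries the hash of a random value that the browser holds in a separate HttpOnly cookie, so a token copied out of localStorage is rejected on its own. The function names, the `fph` claim and the HS256 key handling are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, key: bytes) -> str:
    return _b64e(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def issue(user: str, key: bytes, ttl: int = 900, now=None):
    """Return (jwt, fingerprint); the fingerprint is sent as an HttpOnly cookie."""
    now = int(time.time() if now is None else now)
    fingerprint = secrets.token_urlsafe(32)
    claims = {"sub": user, "exp": now + ttl,
              # Only the hash goes into the token, so reading the token
              # does not reveal the cookie value.
              "fph": hashlib.sha256(fingerprint.encode()).hexdigest()}
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_sign(head + '.' + body, key)}", fingerprint

def verify(token: str, fingerprint_cookie, key: bytes, now=None) -> dict:
    """Return the claims, or raise ValueError naming the check that failed."""
    now = int(time.time() if now is None else now)
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm instead of trusting whatever the header asks for.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sig.encode(), _sign(f"{head}.{body}", key).encode()):
        raise ValueError("bad signature")
    if claims.get("exp", 0) <= now:
        raise ValueError("expired")
    # The token alone is not enough: the caller must also present the cookie.
    seen = hashlib.sha256((fingerprint_cookie or "").encode()).hexdigest()
    if not hmac.compare_digest(seen.encode(), str(claims.get("fph", "")).encode()):
        raise ValueError("fingerprint mismatch")
    return claims

if __name__ == "__main__":
    key = b"constructed-demo-key"           # constructed sample key
    token, cookie = issue("alice", key)
    print(verify(token, cookie, key)["sub"])  # token plus cookie: accepted
```

The fingerprint cookie should be set with `HttpOnly`, `Secure` and `SameSite` so page scripts cannot read it. The binding does not help when the token and the cookie are taken together, so short expiry still matters.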