Alec Aivazis edited In_most_cases_in_order__.html  over 8 years ago

Commit id: 46b933fcaed22f97152770a8f887176b69bbb092

deletions | additions      

       

In most cases, in order to achieve persistance, an additional storage mechanism is required whose lifetime exceeds the memory stack of the browser window to store the session data. The two most common approaches are cookies or local storage. For a good comparison of Two options exist in  the two for mainstream:  storingJWTs see this blog post. In short, local storage is susceptible to xss and cookies are susceptible to csrf. Since csrf protection is standard in most backend and xss is a bit tricker, I opted to store my JWT in  a cookie with session token that is referenced agains  the HttpOnly, and Secure flags. server, or an encrypted version of JSON called a JWT.
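
Review bot: In the added final sentence, the cookie is described only by its HttpOnly and Secure flags, and neither flag addresses the CSRF exposure that the preceding sentence attributes to cookies. Name the CSRF defence the backend actually applies, or add a SameSite attribute to the cookie, so the stated trade-off is complete. Smaller points in the same added text: "persistance" should be "persistence", "tricker" should be "trickier", "most backend" should be "most backends", and the comma in "the HttpOnly, and Secure flags" is stray.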