Alec Aivazis edited In_most_cases_in_order__.html
over 8 years ago
Commit id: 46b933fcaed22f97152770a8f887176b69bbb092
deletions | additions
diff --git a/In_most_cases_in_order__.html b/In_most_cases_in_order__.html
index f4b0be2..a72120e 100644
--- a/In_most_cases_in_order__.html
+++ b/In_most_cases_in_order__.html
...
In most cases, in order to achieve persistance, an additional storage mechanism is required whose lifetime exceeds the memory stack of the browser window to store the session data.
The two most common approaches are cookies or local storage. For a good comparison of Two options exist in the
two for mainstream: storing
JWTs see this blog post. In short, local storage is susceptible to xss and cookies are susceptible to csrf. Since csrf protection is standard in most backend and xss is a bit tricker, I opted to store my JWT in a
cookie with session token that is referenced agains the
HttpOnly, and Secure flags. server, or an encrypted version of JSON called a JWT.
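Review bot: In the last line of the hunk, "an encrypted version of JSON called a JWT" misdescribes the format: a JWT in its usual signed form is integrity-protected but not encrypted, so anyone who holds the token can read its claims. If that wording is on the side of the change that is kept, I suggest "a signed JSON token called a JWT", plus a note that nothing secret belongs in the payload. Where the text settles on a cookie with the HttpOnly and Secure flags, those flags cover script access and transport but not CSRF, which the same paragraph names as the cookie's weakness. It would help to say which CSRF defence is relied on, for example a SameSite attribute or the backend's anti-CSRF token. Spelling and grammar to fix in the same pass: "persistance", "tricker", "agains", "most backend" (should be "most backends"), and XSS and CSRF should be capitalised.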