Alec Aivazis edited In_most_cases_in_order__.html  over 8 years ago

Commit id: 80f103fffabf7c7c50867c965d58cffcd3f3f390


In most cases, in order to achieve persistence, an additional storage mechanism is required to hold the session data, one whose lifetime outlives the in-memory state of the browser window. The two most common approaches are cookies and local storage. For a good comparison of the two for storing JWTs, see this blog post. In short, local storage is susceptible to XSS and cookies are susceptible to CSRF. Since CSRF protection is standard in most backends and XSS is a bit trickier, I opted to store my JWT in a cookie with the HttpOnly and Secure flags.