Alec Aivazis edited In_most_cases_in_order__.html
over 8 years ago
Commit id: 80f103fffabf7c7c50867c965d58cffcd3f3f390
diff --git a/In_most_cases_in_order__.html b/In_most_cases_in_order__.html
index 18a5a0d..f4b0be2 100644
--- a/In_most_cases_in_order__.html
+++ b/In_most_cases_in_order__.html
...
In most cases, in order to achieve persistance, an additional storage mechanism is required whose lifetime exceeds the memory stack
of the browser window to store the session data. The two most common approaches are
cookies or
local storage. For a good comparison of the two for storing JWTs see
this blog post.
Summary: In short, local storage is susceptible to xss and cookies are susceptible to csrf. Since csrf protection is standard in most backend and xss is a bit tricker, I opted to store my JWT in a cookie with the HttpOnly, and Secure flags.
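Review bot: In the Summary line, the choice of a cookie with HttpOnly and Secure rests on "csrf protection is standard in most backend", but the text never says that this protection has to be enabled on the endpoints that accept the cookie. State that requirement explicitly, and consider naming the SameSite attribute next to HttpOnly and Secure, since the sentence is about CSRF exposure. It would also help to say why HttpOnly matters here: it keeps the JWT unreadable from script, which limits token theft through XSS, although injected script can still send requests that carry the cookie. Spelling: "persistance" in the first line should be "persistence", "tricker" should be "trickier", and "xss" and "csrf" read better as "XSS" and "CSRF".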