Alec Aivazis added Now_that_we_have_decided__.html
over 8 years ago
Commit id: d71efaab8adf09141f942b368453dbe313744610
diff --git a/Now_that_we_have_decided__.html b/Now_that_we_have_decided__.html
new file mode 100644
index 0000000..7b7996c
--- /dev/null
+++ b/Now_that_we_have_decided__.html
...
Now that we have decided to use JWTs, we need to figure out where to store them. The two most common approaches are
cookies or
local storage. For a good comparison of the two for storing JWTs see
this blog post. In short, local storage is susceptible to xss and cookies are susceptible to csrf. Since csrf protection is standard in most backend and xss is a bit tricker, I opted to store my JWT in a cookie with the HttpOnly, and Secure flags
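Review bot: In the last sentence of the added paragraph, the cookie is described with only the HttpOnly and Secure flags, and CSRF is left to protection that is "standard in most backend" without saying which mechanism this project actually enables. Neither flag stops a cross-site request from carrying the cookie, so name the CSRF defence in use (for example an anti-CSRF token check) and consider setting the SameSite attribute on the cookie as well. It is also worth one clause noting that HttpOnly keeps script from reading the token but does not stop injected script from sending requests that carry the cookie, so XSS still needs its own mitigation. Smaller points in the same sentence: "tricker" should be "trickier", "most backend" should be "most backends", "xss" and "csrf" should be capitalised, the comma in "HttpOnly, and Secure" should go, and the sentence lacks a closing period. The reference "this blog post" should carry the post's title so the citation survives if the link is lost.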