Sam Hames

Currently: “So many dependencies.”

Storing tokens in single-page applications - DEV

https://dev.to/bjornlindholmdk/storing-tokens-in-single-page-applications-322k

A suggestion on where to store your secret tokens (for authentication) in single page applications.

TLDR: if your client and server applications are served on the same domain - use HTTPonly cookies with secure, domain and samesite attributes set. JS running on the page will then not have access to the token at all, preventing certain classes of XSS.

Tags

Related By Tags

Details

Revised
Created
Edited