Storing tokens in single-page applications - DEV
https://dev.to/bjornlindholmdk/storing-tokens-in-single-page-applications-322k

A suggestion on where to store your secret tokens (for authentication) in single-page applications.
TLDR: if your client and server applications are served on the same origin, use HttpOnly cookies with the Secure, SameSite and Path (and, if needed, Domain) attributes set. Script running on the page then cannot read the token at all, so an XSS payload cannot exfiltrate it. Note what this does and does not buy you: the browser still attaches the cookie to requests the injected script makes from the page, so XSS remains a bug you must fix, and SameSite (plus an Origin check or CSRF token on state-changing endpoints) is what stops cross-site request forgery, not HttpOnly.