Storing tokens in single-page applications - DEV
https://dev.to/bjornlindholmdk/storing-tokens-in-single-page-applications-322k
A suggestion on where to store your secret tokens (for authentication) in single-page applications.
TLDR: if your client and server applications are served on the same domain, use HttpOnly cookies with the Secure, Domain and SameSite attributes set. JS running on the page will then have no access to the token at all, which prevents the classes of XSS attack that read the token from script.