
Where should I store the access token in a Spring Boot + React JWT authentication setup?

I'm building a web app using Spring Boot (backend) and React (frontend). My authentication is based on JWT, with both access token and refresh token.

  • The refresh token is stored in an HTTP-only cookie.
  • The access token has a short lifetime (15 minutes).

I'm unsure where the access token should be stored on the frontend:

  1. localStorage - easy to use but potentially vulnerable to XSS attacks.
  2. In-memory (e.g. React state or a context) - safer, but the token is lost when the user refreshes the page.

In this setup, what is the recommended place to store the access token, and why? Should I keep it in localStorage for persistence, or only in memory for security?
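The in-memory option from the question, sketched as an added example that is not part of the original post: the access token lives only in a closure, and after a page reload it is re-obtained through the HTTP-only refresh cookie. Assumptions not taken from the post: the refresh endpoint path, its `{ accessToken }` JSON response, and the names `createTokenStore`, `authFetch` and `fetchImpl` (pass `window.fetch.bind(window)` in the browser).

```javascript
// Added example. Hypothetical names; the endpoint path and response shape are assumptions.
const REFRESH_URL = "/api/auth/refresh";   // hypothetical refresh endpoint
const ACCESS_TTL_MS = 15 * 60 * 1000;      // 15-minute lifetime stated in the question
const SKEW_MS = 30 * 1000;                 // refresh slightly before expiry

function createTokenStore(fetchImpl, now = Date.now) {
  let token = null;      // kept only in this closure, never written to localStorage
  let expiresAt = 0;
  let inFlight = null;   // single-flight guard: at most one refresh request at a time

  async function refresh() {
    // credentials: "include" lets the browser attach the HTTP-only refresh
    // cookie; script code never reads that cookie itself.
    const res = await fetchImpl(REFRESH_URL, { method: "POST", credentials: "include" });
    if (!res.ok) {
      token = null;
      expiresAt = 0;
      throw new Error("refresh failed: " + res.status);
    }
    const body = await res.json();
    token = body.accessToken;
    expiresAt = now() + ACCESS_TTL_MS;
    return token;
  }

  async function getAccessToken() {
    if (token && now() < expiresAt - SKEW_MS) return token;
    // After a page reload the closure is empty, so this path runs and
    // restores an access token from the refresh cookie.
    if (!inFlight) inFlight = refresh().finally(() => { inFlight = null; });
    return inFlight;
  }

  async function authFetch(url, init = {}) {
    const bearer = "Bearer " + (await getAccessToken());
    const headers = { ...(init.headers || {}), Authorization: bearer };
    return fetchImpl(url, { ...init, headers });
  }

  function clear() { token = null; expiresAt = 0; }   // call on logout

  return { getAccessToken, authFetch, clear };
}
```

With this shape, a script injected through XSS finds nothing in `localStorage` to copy, although it can still issue requests from the page while it runs.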
