Replies: 1 comment 2 replies
-
|
You can mitigate this by using a refreshed based token. |
Beta Was this translation helpful? Give feedback.
2 replies
-
|
Using JWT is a way to authentication, but the client will do some storage code (such as use localstorage API). If JWT token storage in cookie (set-cookie in server), every request will take this cookie, the server can use mutli ExtractJwt way (extract in cookie or bearer header). |
Beta Was this translation helpful? Give feedback.
-
|
That's why you would only use an httpOnly cookie. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Cookie is easy for a web app, if we consider that use cookie to send jwt token?
but using cookie will be attacked by CSRF, it's another problem.
Beta Was this translation helpful? Give feedback.
All reactions