Open in app

Sign in

Write

Sign in

Where should we store the JWT for SPA? Memory, Cookie, or LocalStorage?

Jen-Hsuan Hsieh (Sean)
A Layman
Published in
5 min readJun 7, 2020

--

Introduction

I develop an SPA application on Django/DWF recently. I used JSON Web Token (JWT) to authorize users for login and other operations. It’s Okay for me to create endpoints with JWT secure, exchange JWT with social medias’ access token.

Build Single page application with React and Django Part 3 — Use JWT with DRF and tests endpoints…

This topic is for building JWT endpoints for authorization and suppose that we have already had a Django application on…

medium.com

Build Single page application with React and Django Part 5.1-Exchange

We have mentioned that how to make endpoints with JWT authorization. What if we want to enable social login for social…

medium.com

However, the security issue is a critical issue for JWT. Where should we store the JWT? I tried some ways and wrote this note.

It includes the following topics.

  • The safest place: Browser’s Memory
  • Should we store JWT in the LocalStorage?
  • Double tokens policy: HttpOnly Cookie + CSRF token
  • Summary

1. The safest place: Browser’s Memory

--

--

A Layman
A Layman

Published in A Layman

126 Followers
Last published Nov 5, 2024

Web development and product management.

Jen-Hsuan Hsieh (Sean)
Jen-Hsuan Hsieh (Sean)

Written by Jen-Hsuan Hsieh (Sean)

390 Followers
213 Following

Frontend Developer🚀 Angular • React • Nest • Micro-frontend • https://daily-learning.herokuapp.com/

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams