I have a WCF API which serves data to my site's users (Angular build). Every time a user connects to my site, I am returning the client a token (a JWT with the encrypted user ID), which is stored by the client in local storage and sent by the client to the server so that the server knows who the user is. The issue is that it feels like a security breach: another user can copy the token and use it in his browser, which lets him impersonate another user. What am I doing wrong? What should I do differently, please?
1 Answer
What you are talking about is called Session Hijacking.
There are multiple solutions to prevent this, but I don't think any solution works 100%; see this link for more info: What is the best way to prevent session hijacking?

Poorya Mohammadi
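The token flow the question describes, as an added example that is not part of the question or the answer and not the asker's WCF/Angular code: a minimal HS256 JWT issuer and verifier in Python (the key, user ids and timestamps are constructed). It shows that verification only proves the server issued the token and that it has not expired; whoever presents it is treated as that user, so a short lifetime is what bounds the replay window the question worries about.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

# Constructed demo key; a real server keeps this secret and out of source control.
SECRET = b"demo-signing-key-not-for-production"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":")).encode()

def issue_token(user_id: str, ttl_seconds: int, now: Optional[float] = None) -> str:
    """Server side: sign {sub, iat, exp} with HS256. The user id is readable by
    anyone holding the token; the signature only proves the server issued it."""
    now = int(time.time() if now is None else now)
    header = _b64url(_json({"alg": "HS256", "typ": "JWT"}))
    payload = _b64url(_json({"sub": user_id, "iat": now, "exp": now + ttl_seconds}))
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Server side: return the user id if signature and expiry check out, else None.
    Not checked: who is presenting the token. Any client holding a valid, unexpired
    token is treated as that user, which is the replay described in the question."""
    now = time.time() if now is None else now
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None  # wrong key or edited header/payload
        claims = json.loads(_b64url_decode(payload))
    except ValueError:  # malformed base64 or JSON, wrong number of segments
        return None
    if now >= claims.get("exp", 0):
        return None  # expired (or no exp claim at all)
    return claims.get("sub")

def with_subject(token: str, new_sub: str) -> str:
    """Rewrite the sub claim but keep the original signature; used to show that
    changing the user id without the key is rejected by verify_token."""
    header, payload, sig = token.split(".")
    claims = json.loads(_b64url_decode(payload))
    claims["sub"] = new_sub
    return f"{header}.{_b64url(_json(claims))}.{sig}"

if __name__ == "__main__":
    t = issue_token("alice", ttl_seconds=300, now=1_700_000_000)
    print(verify_token(t, now=1_700_000_010))            # alice, from any client
    print(verify_token(t, now=1_700_000_400))            # None, expired
    print(verify_token(with_subject(t, "bob"), now=1_700_000_010))  # None, bad signature
```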