I am using Node.js to validate the user and send back a JWT token. I am using Angular 6.0 for the front end. My question is: where should I store this token on the client side, and how do I secure this token if I am using localStorage on the client side?
1 Answer
Short flow:
1. Store the refresh_token in a cookie with httpOnly (meaning you need a back-end server to store it).
2. Each time your client goes to the website (even on reload, etc.), you need to get the access_token from the back end and return it to the front end. So this can prevent XSS attacks, but CSRF is another story.

Beo Stepens
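
The two-step flow from the answer above, sketched in Node.js as an added example that is not part of the original post. The `/auth/token` path, the cookie attributes, the token lifetimes and the in-memory store are assumptions; `SameSite=Strict` is added here because the answer notes that CSRF is not covered by `HttpOnly` alone.

```javascript
// Added example; cookie attributes, paths and lifetimes are assumptions.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32); // signing key, generated per process for the demo
const refreshStore = new Map();        // refresh token -> user id (stand-in for a database)

const b64u = (buf) => Buffer.from(buf).toString('base64')
  .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const hmac = (data) => b64u(crypto.createHmac('sha256', SECRET).update(data).digest());

// Short-lived HS256 access token, built by hand to keep the example dependency-free.
function signAccessToken(userId, ttlSeconds = 300) {
  const now = Math.floor(Date.now() / 1000);
  const head = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ sub: userId, iat: now, exp: now + ttlSeconds }));
  return `${head}.${body}.${hmac(`${head}.${body}`)}`;
}

// Returns the claims if the signature and expiry check out, otherwise null.
function verifyAccessToken(token) {
  const [head, body, sig] = String(token).split('.');
  if (!head || !body || !sig) return null;
  const expected = Buffer.from(hmac(`${head}.${body}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64').toString());
  return claims.exp > Math.floor(Date.now() / 1000) ? claims : null;
}

// Step 1: at login, the refresh token goes into an HttpOnly cookie that page scripts cannot read.
// SameSite=Strict keeps the browser from attaching it to cross-site requests.
function issueRefreshCookie(userId) {
  const token = crypto.randomBytes(32).toString('hex');
  refreshStore.set(token, userId);
  return `refresh_token=${token}; HttpOnly; Secure; SameSite=Strict; Path=/auth/token; Max-Age=604800`;
}

// Step 2: on every page load the client calls /auth/token (hypothetical path); the browser
// attaches the cookie and the access token comes back in the response body only.
function handleTokenRequest(headers) {
  const m = /(?:^|;\s*)refresh_token=([0-9a-f]{64})(?:;|$)/.exec(headers.cookie || '');
  const userId = m ? refreshStore.get(m[1]) : undefined;
  if (!userId) return { status: 401, body: { error: 'invalid_refresh_token' } };
  return { status: 200, body: { access_token: signAccessToken(userId) } };
}
```

`handleTokenRequest` takes a plain headers object, so it can be called from any Node HTTP handler with `req.headers`; the value returned by `issueRefreshCookie` goes into the `Set-Cookie` response header at login.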