
I have a REST API back end that, when users try to log in with valid credentials, creates a JSON Web Token with a 1h expiration and stores it in a cookie with a 48h expiration time and HttpOnly set to true.

When a user tries to access an endpoint that needs authorization, I first check for a valid cookie and try to get the JSON Web Token from it. If it is invalid, I remove that cookie and push the user to the login page. But if the token has expired, I repeat the whole after-login process again (i.e. create a new token and refresh the cookie).

My question is: is this scenario secure, or even valid? All I want is to secure my JSON Web Token (by not storing it in local storage) and keep the user logged in between refreshes. Is there any better idea to implement this process?
