What is the best, most secure and professional way to store a user's JWT token after logging into React?

I see many people saying that using localStorage is a good way.

For example:

localStorage.setItem("token", "ey.......")

Others say to use a library like Redux or others.

Could someone advise me?

Thanks

joswxc
  • store it in a cookie – Sachila Ranawaka Nov 20 '22 at 14:37
  • Don't store sensitive info in a JWT token; ideally store some ID, store the access token in some context, store the refresh tokens by identity providers on the server, and send the user some encrypted token in place of the original refresh token to store on the client – Azzy Nov 20 '22 at 14:43

1 Answer


Redux doesn't have built-in persistent storage. It means that on a refresh of the page your key might be lost, and you need to re-login (authorize) once again. There is no "correct" way, there is "desired behaviour".

As was already suggested to you in the comments, you can also use cookies as storage for the key, and I think it is one of the most preferable ways for now, as it is a kinda safe solution.

Redux has middleware to persist its state. You can choose there what kind of storage you want to use as long-term storage.

But I wouldn't recommend you add Redux to the project just to have it.

And there is a good answer on the difference between the most popular browser storages.

Read carefully and choose smart; there are some major differences between them, like scope and security.

Alex Shtromberg
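The cookie approach suggested in the comments and the answer, as an added example that is not part of the original posts: the server places the JWT in a cookie that page JavaScript cannot read, so the React code never handles the token. The function names, the `/login` and `/me` routes, the cookie name `token` and the sample token are assumptions made for illustration.

```javascript
// Added example; all names, routes and the token value are hypothetical.
const SAMPLE_JWT = "header.payload.signature"; // constructed placeholder, not a real JWT

// Build the Set-Cookie value. HttpOnly hides the cookie from document.cookie
// (unlike localStorage, which any script on the origin can read), Secure limits
// it to HTTPS, SameSite=Strict keeps it off cross-site requests (CSRF mitigation).
function buildAuthCookie(token, maxAgeSeconds = 900) {
  return [
    `token=${encodeURIComponent(token)}`,
    "HttpOnly",
    "Secure",
    "SameSite=Strict",
    "Path=/",
    `Max-Age=${maxAgeSeconds}`,
  ].join("; ");
}

// Parse a request Cookie header ("a=1; b=2") into a prototype-free object.
function parseCookieHeader(header) {
  const jar = Object.create(null);
  for (const part of (header || "").split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1) continue; // skip empty or malformed pairs
    const name = part.slice(0, eq).trim();
    try {
      jar[name] = decodeURIComponent(part.slice(eq + 1).trim());
    } catch { /* skip values that are not valid percent-encoding */ }
  }
  return jar;
}

// Framework-agnostic handler: takes {method, url, headers}, returns a response object.
function handleRequest(req) {
  if (req.method === "POST" && req.url === "/login") {
    // Assumption: credentials were already checked and SAMPLE_JWT was issued.
    return { status: 204, headers: { "Set-Cookie": buildAuthCookie(SAMPLE_JWT) }, body: "" };
  }
  if (req.method === "GET" && req.url === "/me") {
    const token = parseCookieHeader(req.headers.cookie).token;
    if (!token) return { status: 401, headers: {}, body: "not logged in" };
    // JWT signature and expiry verification would happen here.
    return { status: 200, headers: {}, body: "token received via cookie" };
  }
  return { status: 404, headers: {}, body: "not found" };
}
```

On the React side, same-origin `fetch` calls send this cookie automatically; a cross-origin API needs `credentials: "include"` on the request.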