Is it okay to store these data in local storage as long as I properly validate everything in the bac

Time:01-24

I'm doing a project to learn full stack development using the MERN stack. I'm using a JWT token for authentication. Here is what I send to the client and store in local storage when I log in:

username: migo

isAdmin: true

token: jwtToken

email: [email protected]

I thought that I should only store the token in local storage and decode it to get isAdmin, username, email, etc. What is the proper way to handle that? Am I doing something wrong?

CodePudding user response:

Yes, you can save only the JWT web token in the browser's local storage and decode it on the backend/server side. But when sending the JWT as a response to the frontend, set its property httpOnly: true for much better security, so no third party can access the JWT token.

You can refer to the link below for an example:

https://iditect.com/article/express-uses-jwt-and-httponly-cookie-for-security-verification.html

CodePudding user response:

Local storage should only contain data that is not sensitive and that is not used to access your backend. Thus, I would say that you're safe to store information like isAdmin or username in local storage. (Note that flags such as isAdmin should only be used for non-security purposes, e.g. to show a different user icon, theme, or maybe menu options.)

If you have an option to store the JWT access token in an HTTP-only, secure cookie, then you should go with this solution. Nowadays it's not recommended to store tokens in local storage, as they're vulnerable to XSS attacks there.
