Is storing a JWT token in cookies in Nuxt.js the best option, because SSR doesn't support localStorage?

Time:11-15

Best option to store a JWT token.

CodePudding user response:

As mentioned in my answer here, using cookies is better because they are available on both client and server.
It is also more secure to do this than going through localStorage.
You can google for more questions if you want further in-depth details!

CodePudding user response:

localStorage is, in my opinion, the worst option.

localStorage is accessible via JavaScript, which means that a successful XSS could read out the cookie and send it to the attacker.

I would rather use a cookie. Why, you might ask?

Well, you can:

  • Set httpOnly to true: This does not allow JavaScript in the browser to read the cookie. Only the server can read it.
  • Set secure to true: A cookie with the Secure attribute is only sent to the server with an encrypted request over HTTPS. The problem you might face is that while you develop your application you usually don't have HTTPS. Therefore you should make an if/else statement like secure: process.env.NODE_ENV === 'production' ? true : false
  • Set SameSite to strict: This means only your domain example.com can read the cookie.

To make it more secure, you can even sign your cookie.

Here is an example of how to create a cookie with express.js:

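// Called inside an Express route handler, where res is the response object
res.cookie("myCookie", "my cookie value", {
  httpOnly: true,       // not readable from JavaScript in the browser
  sameSite: 'strict',   // not sent on cross-site requests
  secure: process.env.NODE_ENV === 'production' ? true : false, // HTTPS only in production
  maxAge: 360000        // lifetime in milliseconds
})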
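
The cookie attributes and the signing step mentioned in the answer above, as an added example that is not part of the original post: it builds the Set-Cookie header by hand with Node's built-in crypto module instead of going through Express, and verifies the signature when the cookie comes back. The function names, the secret and the sample token are constructed for illustration; Max-Age in the header is in seconds, whereas Express's maxAge option is in milliseconds.

```javascript
const crypto = require('crypto');

const SECRET = 'constructed-demo-secret'; // constructed; load from config in real use
const SAMPLE_TOKEN = 'header.payload.signature'; // constructed stand-in for a JWT

// HMAC-SHA256 of the value, hex-encoded (hex never contains '.').
function mac(value, secret) {
  return crypto.createHmac('sha256', secret).update(value).digest('hex');
}

// Returns the original value, or null when the signature does not verify.
function unsign(signed, secret) {
  const idx = signed.lastIndexOf('.');
  if (idx < 1) return null;
  const value = signed.slice(0, idx);
  const given = Buffer.from(signed.slice(idx + 1));
  const expected = Buffer.from(mac(value, secret));
  // timingSafeEqual throws on unequal lengths, so check first.
  if (given.length !== expected.length) return null;
  return crypto.timingSafeEqual(given, expected) ? value : null;
}

// Builds the Set-Cookie header value with the attributes from the answer.
function buildSetCookie(name, value, { secret, production, maxAgeSeconds }) {
  const signed = `${value}.${mac(value, secret)}`;
  const attrs = [
    `${name}=${encodeURIComponent(signed)}`,
    'Path=/',
    `Max-Age=${maxAgeSeconds}`,
    'HttpOnly',
    'SameSite=Strict',
  ];
  if (production) attrs.push('Secure'); // omitted on plain-HTTP dev servers
  return attrs.join('; ');
}

// Server side: find the cookie in a Cookie request header and verify it.
function readSignedCookie(cookieHeader, name, secret) {
  for (const part of cookieHeader.split(';')) {
    const [key, ...rest] = part.trim().split('=');
    if (key !== name) continue;
    try {
      return unsign(decodeURIComponent(rest.join('=')), secret);
    } catch (err) {
      return null; // malformed percent-encoding
    }
  }
  return null;
}
```

A signature only detects tampering with the cookie value; it does not hide the value from whoever holds the cookie.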

CodePudding user response:

Yes, I suggest the nuxt-auth module. This module has multiple schemes to authenticate users, including localStorage and cookie, and will prevent a lot of headaches.
