How to correctly store a user's jwt token on React

Time:11-21

What is the best, most secure and professional way to store a user's jwt token after logging into React?

I see many people saying that using localStorage is a good way.

For example:

localStorage.setItem("token", "ey.......")

Others say to use a library like Redux or others.

Could someone advise me?

Thanks

CodePudding user response:

Redux doesn't have built-in persistent storage. It means that on a refresh of the page your key might be lost, and you need to re-login (authorize) once again. There is no "correct" way, there is "desired behaviour".

As was already suggested to you in the comments, you can also use cookies as storage for the key, and I think it is one of the most preferable ways for now, as it is kind of a safe solution.

Redux has middleware to persist its state. You can choose there what kind of storage you want to use as a long-term storage.

But, I wouldn't recommend you add redux to the project just to have it.

And there is a good answer on the difference between the most popular browser storages.

Read carefully and choose smartly; there are some major differences between them, like scope and security.

CodePudding user response:

Although storing data in localStorage is not the worst choice, in my opinion the best, most secure and professional way will be following the OWASP guide.

They suggest using sessionStorage with a browser fingerprint as a precaution, along with CSP.
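
The client side of the sessionStorage approach mentioned in the second response, as an added example that is not from either answer or from OWASP. The helper names (`createTokenStore`, `readClaims`, `memoryStorage`) are hypothetical, and it assumes the fingerprint is a value the server sets in an HttpOnly cookie and checks against the token itself.

```javascript
// Added example with hypothetical helper names; "token" is the key used in the question.
const TOKEN_KEY = "token";

// Decode the payload only to read `exp`; signature verification stays on the server.
function readClaims(jwt) {
  const parts = String(jwt).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    return JSON.parse(atob(b64.padEnd(Math.ceil(b64.length / 4) * 4, "=")));
  } catch {
    return null;
  }
}

// In-memory stand-in with the sessionStorage methods used here, for running outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => m.set(k, String(v)),
    removeItem: (k) => m.delete(k),
  };
}

function createTokenStore(storage = globalThis.sessionStorage, now = () => Date.now()) {
  return {
    save(jwt) {
      if (!readClaims(jwt)) throw new Error("not a JWT");
      storage.setItem(TOKEN_KEY, jwt); // per-tab, gone when the tab closes
    },
    // Returns the token, or null (after clearing it) when missing, malformed or expired.
    load() {
      const jwt = storage.getItem(TOKEN_KEY);
      const claims = jwt && readClaims(jwt);
      if (!claims || typeof claims.exp !== "number" || claims.exp * 1000 <= now()) {
        storage.removeItem(TOKEN_KEY);
        return null;
      }
      return jwt;
    },
    clear() { storage.removeItem(TOKEN_KEY); },
    // fetch() options: bearer header from storage; "include" sends the HttpOnly cookie too.
    fetchOptions(extra = {}) {
      const jwt = this.load();
      return jwt ? { ...extra, credentials: "include", headers: { ...extra.headers, Authorization: `Bearer ${jwt}` } } : null;
    },
  };
}
```

In a React app, `createTokenStore()` with no arguments uses the browser's `sessionStorage`, and a `null` from `fetchOptions()` is the signal to send the user back to the login screen.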
