API-Security-Checklist

JWT tokens should be stored securely if they are used as auth for browser users.

Open h4cker39 opened this issue 4 years ago • 0 comments

If an application is using JWT in browsers, it should be stored securely in a cookie, which requires:

  • Require SSL on the communication
  • Enable HttpOnly
  • Send the cookie only to your application

h4cker39, Jun 18 '21 16:06