bcdavid@hachyderm.io 1 points 3 months ago

@self @mii I think storing session tokens in localStorage is considered unsafe because localStorage is more open to XSS attacks. The bigger concern, though, is using JWT for session management at all, which is widely considered a bad idea. Here's one (of many) articles that go into that topic: https://dzone.com/articles/stop-using-jwts-as-session-tokens
