I am using React, laravel and jwt-auth
I save my tokens as a React state but when refreshing the page it's gone and that is logical.
The question is where should I keep my tokens?
I don't want to keep them in session storage, local storage or cookies because of XSS attack,
Is it possible to just call for another token using jwt-auth like with Auth0?
note: there is a function called refresh() in jwt-auth but to use it i need to input the old token as a header
Asked
Active
Viewed 40 times
0
Lana Hanna
- 15
- 3
-
Answered here: https://stackoverflow.com/questions/48983708/where-to-store-access-token-in-react-js – Nitsan Cohen Aug 18 '21 at 09:16