javascript - Is it bad security to save jwt in cookie to pass it to local storage?


In order to make Twitter sign-in work with JWT sessions and AngularJS, I have created a JWT with the Twitter username and display name, passed it in a cookie, and saved it to local storage. Here's the relevant code:

Log in users and save the cookie:

    app.get('/login/twitter', passport.authenticate('twitter'));

    app.get('/login/twitter/callback', function(req, res) {
        passport.authenticate('twitter', {session: false}, function(err, user, info) {
            if (err || !user) {
                console.log(err);
                // Stop here: there is no user to issue a token for.
                return res.sendStatus(401);
            }
            var token;
            token = user.generatetwitterjwt();
            // res.status(200);
            // res.json({
            //  "token" : token
            // });
            // No cookie options are passed, so client-side script can read this cookie.
            res.cookie('jwt', token);
            res.render('login.jade');
        })(req, res);
    });

Save to local storage and remove the cookie:

    $scope.twittertest = function() {
        // Read the JWT that the server placed in the cookie.
        var jwtcookie = $cookies.get('jwt');
        authenticationservice.savetoken(jwtcookie).error(function(err) {
            if (err) {
                console.log(err);
            }
        }).then(function() {
            // The token is saved; remove the cookie and go to the profile page.
            $cookies.remove('jwt');
            var url = '/profile';
            $window.location.href = url;
        });
    }

I'm wondering if there are any drawbacks to doing this. Any security issues? I'm trying to use JWT and AngularJS and save to localStorage in the process because it's how I set up local login.

You can use the browser's sessionStorage instead of localStorage; sessionStorage is more secure because it is deleted when the browser session ends. Also, store it directly in sessionStorage instead of the cookie; the cookie is not required in this case.
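
As an added example (not code from the question or the answer): a small Node.js check of the `Set-Cookie` attributes on a cookie that carries a JWT, run against the header that `res.cookie('jwt', token)` produces when no options are passed. The function names, finding labels and sample headers are constructed for illustration.

```javascript
'use strict';

// Constructed sample headers (token values are placeholders, not real JWTs).
const SAMPLES = {
  // What res.cookie('jwt', token) emits when no options are passed.
  asOnPage: 'jwt=aaa.bbb.ccc; Path=/',
  // Short-lived hand-off cookie that script must still read once.
  handOff: 'jwt=aaa.bbb.ccc; Max-Age=60; Path=/; Secure; SameSite=Lax',
  // Cookie that is never exposed to script at all.
  serverOnly: 'jwt=aaa.bbb.ccc; Max-Age=3600; Path=/; HttpOnly; Secure; SameSite=Lax',
};

// Split "name=value; Attr; Attr=val" into a name, a value and lower-cased attributes.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const cookie = { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs: {} };
  for (const attr of rest) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attrs[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Return the list of exposures for a cookie that carries a token.
function auditTokenCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push('readable-by-script'); // document.cookie / $cookies can read it
  if (!attrs.secure) findings.push('sent-over-http'); // also sent on plain-HTTP requests
  const sameSite = String(attrs.samesite || '').toLowerCase();
  if (sameSite !== 'lax' && sameSite !== 'strict') findings.push('no-explicit-samesite');
  if (!attrs['max-age'] && !attrs.expires) findings.push('no-max-age'); // lives until removed or browser closes
  return findings;
}

for (const [label, header] of Object.entries(SAMPLES)) {
  console.log(label, auditTokenCookie(header));
}
```

In the flow on this page the cookie has to stay readable by script because `$cookies.get('jwt')` reads it, so `readable-by-script` remains for the hand-off variant.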

