<p>I am using Rails API to generate a JWT on user login. Now I need to persist this token. After some reading, I found out that there are two ways of doing this. I can either use <code>local storage</code> or <code>cookies</code>. They both have the problem of <code>XSS</code> and  <code>CSRF</code> respectively. I am not sure how this should work. I am using react  in the frontend.</p>


I am using Rails API to generate a JWT on user login. Now I need to persist this token. After some reading, I found out that there are two ways of doing this. I can either use `local storage` or `cookies`. They both have the problem of `XSS` and  `CSRF` respectively. I am not sure how this should work. I am using react  in the frontend.

How do we store JWT in a web app?

Product

Explore

Company

Blogs

Support