Open slashtu opened 8 years ago
Indeed. Switching to cookies is the right way of dealing with this. You would still need to sort out CSRF issues, but those can be dealt with in a safer way.
@slashtu If a token is modified, it fails decryption on the server side, which can be caught before any sensitive data is returned.
If you are using your application on iOS Safari in private mode ... the HTML5 storage feature will not work ... one more reason to use cookies instead of local storage in case your web app is supporting devices.
localStorage can be accessed by JS. How to prevent XSS attacks?