coinos / coinos-ui

Coinos web app front-end code
https://coinos.io
GNU Affero General Public License v3.0
16 stars 16 forks

At the login screen, the password field value is being saved in LocalStorage (plain text) #119

Open devdesignerstudio opened 1 year ago

devdesignerstudio commented 1 year ago

I've sent you an e-mail about a coinOS security breach, subject: password field at the login screen. You are saving it in Local Storage; besides that, you are saving the non-encrypted password there, and you do not clean it up after the user logs in. So imagine a possible use case: a staff member who receives payments for his employer. A malicious, unsatisfied staff member could take a look at the "password" storage key in Local Storage without any problems and occasionally steal it. Today your app is only cleaning it up after the user logs out. I believe it is a security breach, but it's up to you. You're welcome. Best regards.

devdesignerstudio commented 1 year ago

In my poor opinion, I believe that since you are using JWT after the user logs in, requesting the "token" field from the session cookie to authenticate the user through your app, you should have cleaned the password input value from local storage, or should never have set it there in the first place.
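To make the two patterns the reporter contrasts concrete, here is an added example (not coinos-ui code): a login handler that persists form state key-by-key to Web Storage, so the password lands there in plain text, beside a version that only ever holds the password in a local variable, plus a small audit helper that lists credential-looking keys. `MemoryStorage` is a constructed stand-in for `window.localStorage` so the snippet runs under Node, `fakeLoginApi`, the credentials and the token are hypothetical, and nothing touches the network.

```javascript
// Added example, not part of coinos-ui. Minimal Web Storage look-alike so the
// code runs outside a browser (constructed stand-in for window.localStorage).
class MemoryStorage {
  constructor() { this.map = new Map(); }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
  get length() { return this.map.size; }
  key(i) { return [...this.map.keys()][i] ?? null; }
}

// Hypothetical stand-in for the real login endpoint: returns a token for the
// right credentials and throws otherwise. No network involved.
function fakeLoginApi({ username, password }) {
  if (username === 'alice' && password === 'correct horse') {
    return { token: 'eyJhbGciOiJIUzI1NiJ9.example.signature' };
  }
  throw new Error('invalid credentials');
}

// The pattern the issue describes: every form field is mirrored into
// localStorage, so the password is written in plain text and survives until
// an explicit logout. Any script on the origin, or anyone with access to the
// device profile, can read it back with storage.getItem('password').
function insecureLogin(storage, form, api = fakeLoginApi) {
  storage.setItem('username', form.username);
  storage.setItem('password', form.password); // plaintext at rest
  const { token } = api(form);
  storage.setItem('token', token);
  return token;
}

// Lesser mitigation from the report ("clean it after the user logs in"):
// removes the key once a token exists. Still leaves a window while the
// request is in flight and on failed logins, so prefer never writing it.
function scrubAfterLogin(storage) {
  storage.removeItem('password');
}

// Hardened version: the password exists only in a local variable that goes
// straight to the API. Only the non-secret username is persisted; the token
// is returned to the caller (the issue mentions a session cookie for it).
function hardenedLogin(storage, form, api = fakeLoginApi) {
  const { username } = form;
  let password = form.password;
  try {
    const { token } = api({ username, password });
    storage.setItem('username', username);
    return token;
  } finally {
    password = null; // drop the reference as soon as the request is done
  }
}

// Audit helper: returns storage keys that look like credentials. Handy as a
// quick devtools-console check or as a unit test against the real app.
const SENSITIVE_KEY = /pass(word|wd)?|secret|pin|seed|mnemonic|private/i;
function findSensitiveKeys(storage) {
  const hits = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (SENSITIVE_KEY.test(k)) hits.push(k);
  }
  return hits;
}
```

Running `findSensitiveKeys(window.localStorage)` in the browser console after a login is the one-line check for the behaviour the reporter describes; the hardened handler should leave it returning an empty list.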