I think you are correct in suggesting that state is still vulnerable, but it is less vulnerable than web storage because of it’s app-specific nature. This is outlined by one of our senior support engineers here:
Related topics
Topic | Replies | Views | Activity | |
---|---|---|---|---|
Which is the best way to store the auth0 token for a web app | 7 | 13427 | September 2, 2019 | |
How to trigger a react method after jwt localStorage | 1 | 7082 | March 2, 2018 | |
How to persist login with auth0-react after page refresh without localStorage? | 5 | 11369 | July 27, 2021 | |
Auth0-react maintaining authentication on page refresh | 2 | 3444 | January 12, 2021 | |
Using auth0 outside of React Components | 16 | 12546 | December 29, 2020 |