Where to store JWT?

where to store JWT ?

I researched for JWT storage, some says localstorage / cookie/ etc…
So which one will be better in terms of protection

1 Like

If you can, you should use a session cookie between the SPA and backend.

In the context of an application that runs in the client (React, Angular, Vue, etc, etc) where you must keep an access token in the client, storing them in memory is what I would recommend. Using scope limited, not global, variables.