not really The JWT is stored in httpOnly cookie So the JS on 603466164219281420 #general

Channels

welcome-namratha

welcome-olawumi

welcome-ichikawakazuto

welcome-pineappaul

github-activity

welcome-foxbarrington

welcome-sidebar

welcome-nightlight

welcome-naberyou66_

welcome-lukeacollins

welcome-alpinjs

welcome-poothebear

welcome-mozomig

welcome-claybiokiller

welcome-0xdelusion

welcome-john-oliver

welcome-goetzum

welcome-syntaxerror

welcome-cosmoecwsa

welcome-samuel-qosenergy

welcome-mardadi

welcome-galto4ir

welcome-notankit

welcome-aleksandrc

welcome-kelvinwop

welcome-hossambarakat

welcome-turbosepp

welcome-naveenkumar

welcome-anthony-stod-custodio

welcome-surajsli

welcome-fromscratch

welcome-drebotelho

welcome-shubhamkaushal

welcome-hay-kot

welcome-vikram_shadow

welcome-shubhamgoel23

welcome-jonas-alexanderson

welcome-amberlamps1

welcome-nischith

welcome-jahir9991

welcome-lancekey

welcome-andrew-rodriguez

welcome-malik-khoja

welcome-jerry123424

welcome-mike-tectu

welcome-samuelstroschein

welcome-m-j-mon

welcome-meshguy

welcome-chwalbox

welcome-himanshu-kukreja

welcome-suyash_

support-questions

welcome-teclali

welcome-call-in

welcome-pavan-kumar-reddy-n

welcome-ankit-choudhary

welcome-metamorph

Title

# general

r

rp

09/01/2020, 9:00 AM

not really. The JWT is stored in httpOnly cookie. So the JS on the frontend can't read it anyway. If somehow it's stolen, then the attacker can use it to access APIs (and get / modify any user info), regardless of if it's a JWE or JWS