# general
rp_st
09/01/2020, 9:00 AM
Not really. The JWT is stored in an httpOnly cookie, so the JS on the frontend can't read it anyway. If somehow it's stolen, then the attacker can use it to access APIs (and get / modify any user info), regardless of whether it's a JWE or JWS.