Re: rest API create a signed_cookies including my token

2018-12-17 Thread cyril moreau
I have read different posts or articles that warn people about storing session data in the local storage. OWASP or http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/ That is why I would like to create a session coo

Re: rest API create a signed_cookies including my token

2018-12-17 Thread Andréas Kühne
The only way to get the localStorage is if you get malicious code on your own page. The localStorage is specific to your site; it is even different if you have http and https for the same site. The way it could be exploited would be if you include JS on your site (some third-party thing) that sc

Re: rest API create a signed_cookies including my token

2018-12-17 Thread cyril moreau
Hi, I also thought about storing the token in the local storage, but according to my research it is not safe because it is open to XSS attacks and the token will be accessible from any browser tab using JavaScript. Is localStorage widely used to store the token even if it is not safe? That i

Re: rest API create a signed_cookies including my token

2018-12-17 Thread Andréas Kühne
Hi, I wouldn't use session-based backends at all, because then you will need to do a session-based login instead of using the token. This is not a standard way of doing REST requests, at least. What I would do is just save the token in localStorage on the client. This is the way we do it for handli

rest API create a signed_cookies including my token

2018-12-16 Thread cyril moreau
Hi, I am looking for information/help about storing my token in a cookie in a safe way. Backend: Django REST framework; frontend: ReactJS. I am using django-rest-framework-social-oauth2 to get a token (from different provider
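The approach the original question above asks about, a signed cookie carrying the API token, as an added example that is not code from this thread or from Django/DRF. Django's own `HttpResponse.set_signed_cookie()` and `HttpRequest.get_signed_cookie()` do the signing part; this stand-alone version reimplements the same idea with `hmac` so it runs without Django, and its wire format is not Django's. The secret, cookie name, lifetime and the sample token are assumptions.

```python
import base64
import hashlib
import hmac
import time
from http.cookies import SimpleCookie

# Assumptions for this stand-alone example: a server-side secret (the role
# Django's SECRET_KEY plays), a cookie name and a lifetime. None come from the thread.
SECRET_KEY = b"replace-with-a-long-random-secret"
COOKIE_NAME = "api_token"
MAX_AGE = 3600  # seconds


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(token: str, now=None) -> str:
    """Cookie value: base64(token).timestamp.base64(HMAC-SHA256 over the first two)."""
    ts = int(time.time() if now is None else now)
    payload = f"{_b64(token.encode())}.{ts}"
    sig = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(sig)}"


def verify_signed(value: str, max_age: int = MAX_AGE, now=None):
    """Return the embedded token, or None if the value was tampered with or is too old."""
    try:
        b64token, ts, b64sig = value.rsplit(".", 2)
        sig = _unb64(b64sig)
        issued = int(ts)
    except ValueError:  # wrong shape, bad base64 or non-numeric timestamp
        return None
    payload = f"{b64token}.{ts}"
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    current = int(time.time() if now is None else now)
    if current - issued > max_age:
        return None
    return _unb64(b64token).decode()


def build_set_cookie_header(token: str, now=None) -> str:
    """Set-Cookie header the API would send once, right after the OAuth2 exchange."""
    jar = SimpleCookie()
    jar[COOKIE_NAME] = sign_token(token, now)
    morsel = jar[COOKIE_NAME]
    morsel["httponly"] = True   # not readable from document.cookie, so XSS cannot read it out
    morsel["secure"] = True     # only sent over https
    morsel["samesite"] = "Lax"  # not attached to cross-site POSTs
    morsel["path"] = "/"
    morsel["max-age"] = MAX_AGE
    return morsel.OutputString()


def token_from_cookie_header(cookie_header: str, now=None):
    """What a DRF authentication class would do with the request's Cookie header."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if COOKIE_NAME not in jar:
        return None
    return verify_signed(jar[COOKIE_NAME].value, now=now)


def demo():
    """Constructed round trip: issue the cookie, replay it, tamper with it, let it expire."""
    set_cookie = build_set_cookie_header("oauth2-access-token-from-provider", now=1000)
    cookie_value = set_cookie.split(";", 1)[0].split("=", 1)[1]
    ok = token_from_cookie_header(f"{COOKIE_NAME}={cookie_value}", now=1500)
    # flip one base64 character of the token part: the HMAC no longer matches
    tampered = cookie_value.replace("b2F1", "b2F2", 1)
    bad = token_from_cookie_header(f"{COOKIE_NAME}={tampered}", now=1500)
    old = token_from_cookie_header(f"{COOKIE_NAME}={cookie_value}", now=1000 + MAX_AGE + 1)
    return set_cookie, ok, bad, old


if __name__ == "__main__":
    header, ok, bad, old = demo()
    print(header)
    print("valid:", ok, "| tampered:", bad, "| expired:", old)
```

Two caveats go with this. Once the token rides in a cookie the browser attaches it to every matching request, so a script injected by XSS can still call your API with it even though it cannot read it; HttpOnly limits exfiltration, not use. And because the cookie is sent automatically, state-changing endpoints need CSRF protection (SameSite=Lax helps; DRF's SessionAuthentication-style CSRF check or a separate CSRF token is the usual fix). The Secure flag means the cookie is never sent over plain http, including a local dev server without TLS.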