Storing JWT Refresh Tokens: Problems with both localStorage and HttpOnly. Need Help pls

React Beginner Here. This is kinda related to my previous question. I'm trying to build this login form using JWT but am still confused on where I'm going to store it. I need the refresh tokens in the storage to persist even after browser close or shut down but have an expiry date and can be shared across multiple tabs.

The problem with httpOnly cookies: To my knowledge, even if I specify expiry dates and set all the necessary flags, it gets deleted on tab close and doesn't persist between multiple tabs. It does have an expiry date tho.

The problem with localStorage: It persists even on shutdown but you can't set an expiry date on the refresh token. Also, I believe it's not as safe as httpOnly because you have to manually delete it.

Question: Where should I store the refresh token for the given needs? If httpOnly, how can I make it so that it doesn't get annihilated even on a browser close or new tab? If localStorage, how can I expire the token within a given timeframe?

Extra: I store the access tokens in memory using context API
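
Added example, not part of the original question: under RFC 6265 a cookie's lifetime is set by its `Max-Age`/`Expires` attribute, independently of `HttpOnly`, and a cookie without either is a session cookie. The sketch below builds a refresh-token `Set-Cookie` value and classifies it the way a browser would; the cookie name `refresh_token`, the path `/auth/refresh`, the helper names and the sample token are assumptions made up for illustration.

```javascript
// Added example; all names and the sample token below are constructed.
const THIRTY_DAYS = 30 * 24 * 60 * 60; // lifetime in seconds

// Server side: build the Set-Cookie value for a refresh token.
// Path is a hypothetical refresh endpoint, so the cookie is only sent there.
function buildRefreshCookie(token, { maxAgeSeconds, path = "/auth/refresh" } = {}) {
  const parts = [
    `refresh_token=${encodeURIComponent(token)}`,
    `Path=${path}`,
    "HttpOnly",        // not readable from JavaScript
    "Secure",          // only sent over HTTPS
    "SameSite=Strict", // not sent on cross-site requests
  ];
  // Without Max-Age (or Expires) the browser keeps it only for the session.
  if (Number.isInteger(maxAgeSeconds)) parts.push(`Max-Age=${maxAgeSeconds}`);
  return parts.join("; ");
}

// Classify a Set-Cookie value: session vs persistent, and when it expires.
// RFC 6265: Max-Age takes precedence over Expires when both are present.
function describeCookie(header, nowMs = Date.now()) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const info = { name: pair.slice(0, pair.indexOf("=")), httpOnly: false,
                 secure: false, sameSite: null, persistent: false, expiresAt: null };
  let maxAge = null;
  let expires = null;
  for (const attr of attrs) {
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    const value = i === -1 ? "" : attr.slice(i + 1);
    if (key === "httponly") info.httpOnly = true;
    else if (key === "secure") info.secure = true;
    else if (key === "samesite") info.sameSite = value;
    else if (key === "max-age" && /^-?\d+$/.test(value)) maxAge = Number(value);
    else if (key === "expires" && !Number.isNaN(Date.parse(value))) expires = Date.parse(value);
  }
  if (maxAge !== null) info.expiresAt = nowMs + maxAge * 1000;
  else if (expires !== null) info.expiresAt = expires;
  // Persistent only if an expiry exists and lies in the future.
  info.persistent = info.expiresAt !== null && info.expiresAt > nowMs;
  return info;
}

const sample = buildRefreshCookie("constructed.sample.token", { maxAgeSeconds: THIRTY_DAYS });
console.log(sample);
console.log(describeCookie(sample));                               // persistent
console.log(describeCookie(buildRefreshCookie("constructed.sample.token"))); // session
```

Cookies are stored per browser profile rather than per tab, so the persistent variant is sent from every tab that requests the matching path.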



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
