User info are saved in local storage which is vulnerable to user

Question

User info are saved in local storage which is vulnerable to user

Closed this issue 2 years ago · 10 comments

The user information like email, password, token are saved in local storage which is vulnerable to user privacy. Come up with a solution to address this issue.

Answer 1 · 2022-10-17T02:23:46.000Z

@roopeshsn i would like to work on this issue. Can you assign this to me?
My approach is in the backend we need to only send token after login or sign in

Answer 2 · 2022-10-17T14:02:14.000Z

So It won't save the credentials in local storage, right?

Answer 3 · 2022-10-17T14:21:43.000Z

Yes it won't get stored except jwt.

Answer 4 · 2022-10-17T14:50:26.000Z

Can't we store jwt in a cookie?

Answer 5 · 2022-10-17T15:43:31.000Z

local storage does the same thing as cookie right?
Just curious, is there any specific reason for storing jwt in cookie?

Answer 6 · 2022-10-20T01:12:42.000Z

local storage does the same thing as cookie right? Just curious, is there any specific reason for storing jwt in cookie?

https://coolgk.medium.com/localstorage-vs-cookie-for-jwt-access-token-war-in-short-943fb23239ca

Answer 7 · 2022-10-20T05:59:54.000Z

@s-vamshi localStorage can be accessed by the browser but the cookies are 'set and read' only by the backend and client doesn't have any control over it.

Answer 8 · 2022-10-20T06:01:36.000Z

@roopeshsn u can assign it to me if @s-vamshi is not available.

Answer 9 · 2022-10-20T06:06:36.000Z

@roopeshsn I caught up with some other work so you can assign it to @ozair-dev.

Answer 10 · 2022-10-20T10:41:30.000Z

You can work on this issue @ozair-dev!