Quick question regarding auth with JWT

Hi, recently finished my voting app but kinda cheated with the authentication by using Facebook’s JS SDK.

Now I am back to studying authentication and security and one question arose.

Do I need cookies when using JWT?

From my understanding a JWT gets created and sent to the client on a successful login. The client then includes this token in every subsequent request and the server can authenticate requests with this token.

This seems cookie-esque to me, but now I read about how insecure localStorage is and that a JWT should be saved in a cookie.
(EDIT: to clarify: it seems redundant to store the token in a cookie, but maybe I am missing something)

That seems so weird to me. I’d really appreciate it if someone could shed some light on this.

Best Regards!

Here’s a good read on the subject: https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage

Thanks a lot for the link. Cleared up a couple of things for me!

1 Like
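
Added example, not part of the original thread or the linked article: a minimal Node.js sketch of the question above, showing that the cookie is only one of two ways to carry the same JWT, and that the server verifies the token identically either way. The cookie name `token`, the secret, and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed demo secret; a real server loads this from configuration.
const SECRET = 'demo-secret-not-for-production';
const b64url = (s) => Buffer.from(s).toString('base64url');
const hmac = (data, secret) => crypto.createHmac('sha256', secret).update(data).digest();

// Minimal HS256 signer for illustration; use a maintained JWT library in production.
function signJwt(payload, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  return `${head}.${body}.${hmac(`${head}.${body}`, secret).toString('base64url')}`;
}

// Returns the payload if signature and expiry check out, otherwise null.
// The algorithm is pinned to HS256; the token's own "alg" header is never trusted.
function verifyJwt(token, secret = SECRET, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = hmac(`${head}.${body}`, secret);
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (typeof payload.exp === 'number' && payload.exp <= now) return null;
  return payload;
}

// Cookie storage: the server sets the token at login. HttpOnly keeps page scripts
// from reading it, Secure restricts it to HTTPS, SameSite limits cross-site sending.
function loginCookie(token, maxAgeSeconds) {
  return `token=${token}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// The token can arrive by either transport: an Authorization header (client kept it
// in web storage and attaches it in script) or a Cookie header (browser attaches it).
function tokenFromRequest(headers) {
  const auth = headers.authorization || '';
  if (auth.startsWith('Bearer ')) return auth.slice(7);
  const m = /(?:^|;\s*)token=([^;]+)/.exec(headers.cookie || '');
  return m ? m[1] : null;
}

// Verification does not depend on how the token was delivered.
function authenticate(headers) {
  const token = tokenFromRequest(headers);
  return token ? verifyJwt(token) : null;
}
```

The value of `loginCookie(...)` goes in the login response's `Set-Cookie` header; `authenticate` takes the lower-cased request headers object that Node's `http` module provides.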