Web applications are not static sites but a careful composition of static and dynamic content. More common than not, the web application logic runs in the browser. Instead of fetching all content…

Mouad Dadda

Tailwind CSS

Community Picks is a section on daily.dev where our community members share the most interesting and valuable content they've discovered online. From insightful articles to handy tools, every post is a gem curated by our dedicated coomunity. To contribute to Community Picks, you need to have at least 250 reputation points, ensuring that only active and trusted members can share their finds.

Community Picks

Web applications often use OAuth 2.0 for data security, which involves storing access tokens. This piece examines various browser storage solutions like local storage, session storage, and cookies, highlighting their vulnerabilities to XSS and CSRF attacks. The token handler pattern is recommended for enhancing security, suggesting encrypted tokens stored in secure cookies and managed by backend components.

Best Practices for Storing Access Tokens in the Browser

the problem with using cookie is that if you set it to secure and http-only. JS cannot read it and decode it. So it won’t work clientside if you have components on your page that should be shown depending to which roles you are in. I might have understood it wrong here. In that case my appologies

Great post with clear instructions.

Really useful and interesting! Thanks