I want to use local or session storage to save an authentication token in Angular 2.0.0.
I use angular2-localstorage, but it works only in Angular 2.0.0-rc.5, and when I used it in 2.0.0 it threw a type error. I want to use the default local storage of Angular 2.0.0.
To reiterate, whatever you do, don't store a JWT in local storage (or session storage). If any of the third-party scripts you include in your page is compromised, it can access all your users' tokens. To keep them secure, you should always store JWTs inside an httpOnly cookie.
Conclusion. Both cookies and localStorage are vulnerable to XSS attacks. However, cookie-based token storage is more likely to mitigate these types of attacks if implemented securely. The OWASP community recommends storing tokens using cookies because of its many secure configuration options.
Storing tokens in browser local storage provides persistence across page refreshes and browser tabs; however, if an attacker can run JavaScript in the SPA through a cross-site scripting (XSS) attack, they can retrieve the tokens stored in local storage.
Save to local storage:
localStorage.setItem('currentUser', JSON.stringify({ token: token, name: name }));
Load from local storage:
// getItem returns null when nothing has been saved, so guard before reading the token
var currentUser = JSON.parse(localStorage.getItem('currentUser'));
var token = currentUser ? currentUser.token : null; // your token
For more I suggest you go through this tutorial: Angular 2 JWT Authentication Example & Tutorial