What is the best way to work with user data during authorization? Should I write some data about the user to localStorage and read it from there, or store the user data in a service?

And a side question: how do I check client expiration time on the client? I had the idea of watching for 401 responses, but it seems to me that something is not right.

  • I would say that you can find a billion answers to this question on Google, as this has been chewed over and over. On the client, no one checks the token's expiration time. When forming the token, the server signs the JWT with the private key. The token (signature) cannot be faked. It is built on public-key cryptography. - overthesanity 5:42 pm

1 answer

Use a cookie

With JWT, the easiest option is to use cookies. The advantage of cookies is that you can set when they expire. This resolves the issue of time validation accordingly. Create the token on the server and write it into a cookie on the server with an expiration date. In this case, the client doesn't need to do anything at all.

Use sessionStorage

After authorization, write the token to sessionStorage, and as long as the tab is alive, the token will live too. And, of course, there will be no token in another tab, and, accordingly, the client will not be authorized there.

localStorage

localStorage will always store the token. But this should not be, because with each Ajax request the token should be checked and, accordingly, deleted on a 401 and written again after authorization.
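
The cookie option from the answer above, as an added example that is not part of the original post: a Node.js server helper that gives the cookie the same lifetime as the JWT's `exp` claim, so the browser drops the token when it expires. The function names, the cookie name `token`, and the `HttpOnly`, `Secure` and `SameSite` attributes are assumptions of this example; the sample token is constructed and carries a placeholder signature.

```javascript
// Added example (hypothetical helper names); runs on Node.js with no dependencies.

// Base64url-encode a JSON object (used only to build the constructed sample).
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Read the "exp" claim (seconds since epoch) from a compact JWT.
// Assumption: the server has just signed this token itself, so the payload is
// trusted here. This is not a substitute for signature verification.
function readExp(jwt) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWT');
  const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  if (!Number.isInteger(payload.exp)) throw new Error('token has no numeric exp');
  return payload.exp;
}

// Build a Set-Cookie value whose lifetime ends when the token does.
// HttpOnly keeps the token out of reach of page scripts, so the client code
// never reads or checks it; Secure and SameSite limit where it is sent.
function sessionCookie(jwt, nowSeconds) {
  const maxAge = readExp(jwt) - nowSeconds;
  if (maxAge <= 0) throw new Error('token already expired');
  return [
    `token=${jwt}`,
    `Max-Age=${maxAge}`,
    'Path=/',
    'HttpOnly',
    'Secure',
    'SameSite=Strict',
  ].join('; ');
}

// Cookie value that tells the browser to drop the token (logout, or with a 401).
function clearCookie() {
  return 'token=; Max-Age=0; Path=/; HttpOnly; Secure; SameSite=Strict';
}

// Constructed sample: placeholder signature, token valid for one hour.
const SAMPLE_NOW = 1700000000;
const sampleJwt = [
  b64url({ alg: 'RS256', typ: 'JWT' }),
  b64url({ sub: 'user-1', exp: SAMPLE_NOW + 3600 }),
  'constructed-signature',
].join('.');

console.log(sessionCookie(sampleJwt, SAMPLE_NOW));
```

The server still has to verify the signature and `exp` on every request; the cookie lifetime only controls how long the browser keeps sending the token.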