I’m currently working on a social network app. For my backend I’m using Django, and for the frontend React-TS. After doing a bit of research, I’ve decided to use a JWT token (generated with the help of rest_framework_simplejwt) and use it in requests as a

Currently, I’m saving the AccessToken and the RefreshToken in local storage, but having read a bit about how storing tokens in local storage can pose security risks, such as exposure to Cross-Site Scripting (XSS) attacks, I grew a bit worried.
I thought I’d ask here since I came across too many suggestions online (HTTP-only cookies, database storage with encryption, and password-based encryption). Since I lack the experience to decide which to use when, I would appreciate any and all advice.
How do you store your Tokens and why?
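As an added example (not code from the question or from rest_framework_simplejwt), here is the server side of the HTTP-only cookie option the post lists: the refresh token goes into a cookie that injected script cannot read, and the attributes that matter (HttpOnly, Secure, SameSite, a narrow Path) are set explicitly, plus a small audit helper you can point at your own Set-Cookie headers. The endpoint path `/api/token/refresh/`, the cookie name and the token values are assumptions/constructed values; the access token itself would be returned in the JSON body and kept in memory by the SPA, not in local storage.

```python
"""Refresh-token cookie: issue it with hardened attributes, audit a Set-Cookie
header for the weaknesses that expose tokens, and read it back on the refresh
request. Added example; stdlib only, no Django required."""
from http.cookies import SimpleCookie
from typing import List, Optional
import secrets

REFRESH_COOKIE = "refresh_token"          # assumed cookie name
REFRESH_PATH = "/api/token/refresh/"      # assumed refresh endpoint path
REFRESH_MAX_AGE = 7 * 24 * 3600           # assumed refresh lifetime, seconds


def refresh_cookie_header(refresh_token: str, max_age: int = REFRESH_MAX_AGE) -> str:
    """Return the Set-Cookie header value carrying the refresh token."""
    jar = SimpleCookie()
    jar[REFRESH_COOKIE] = refresh_token
    morsel = jar[REFRESH_COOKIE]
    morsel["httponly"] = True        # not visible to document.cookie, so XSS cannot exfiltrate it
    morsel["secure"] = True          # only ever sent over HTTPS
    morsel["samesite"] = "Strict"    # not attached to cross-site requests (CSRF mitigation)
    morsel["path"] = REFRESH_PATH    # sent only to the refresh endpoint, not with every API call
    morsel["max-age"] = max_age
    return morsel.OutputString()


def audit_set_cookie(header: str) -> List[str]:
    """List the weaknesses in a Set-Cookie header value; an empty list means it passes."""
    parts = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in parts[1:]:                       # parts[0] is name=value
        name, _, value = part.partition("=")
        attrs[name.lower()] = value
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: injected script can read the token")
    if "secure" not in attrs:
        findings.append("missing Secure: token can be sent over plain HTTP")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        findings.append("SameSite not Strict/Lax: cookie rides along on cross-site requests")
    if attrs.get("path", "/") == "/":
        findings.append("Path is /: refresh token is sent with every request, not just the refresh endpoint")
    return findings


def extract_refresh_token(cookie_header: str) -> Optional[str]:
    """Pull the refresh token out of an incoming Cookie request header, if present."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(REFRESH_COOKIE)
    return morsel.value if morsel else None


if __name__ == "__main__":
    # Constructed stand-in for the refresh token simplejwt would issue.
    refresh = secrets.token_urlsafe(32)
    hardened = refresh_cookie_header(refresh)
    print("Set-Cookie:", hardened)
    print("audit (hardened):", audit_set_cookie(hardened))
    print("audit (bare):", audit_set_cookie(f"{REFRESH_COOKIE}={refresh}"))
    incoming = f"{REFRESH_COOKIE}={refresh}; csrftoken=constructed"
    print("refresh token recovered:", extract_refresh_token(incoming) == refresh)
```

The trade-off this encodes: once the refresh token lives in a cookie, the browser attaches it automatically, so the refresh endpoint becomes reachable by cross-site requests and needs SameSite (or a CSRF token) where local storage did not; in exchange, a script injected by XSS can no longer read the token out of storage, which is the exposure the post is worried about.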