httponly cookie

JWT Storage in Rails + React The Right Way

Local or session storage in the browser might feel like the right place to store a JWT when authenticating your client-side app against a backend API. Maybe it feels like the right place because I told you to do that. But its not right! Its wrong and its insecure. Instead,…