0

I am developing a user module with Laravel 5 as the backend with Passport, and Angular 4 as the front-end client.

In this module, after authenticating the user on the server side, Passport issues an access_token and a refresh_token, and I am storing both tokens in client-side local storage, and it is working fine.

My question is: what is the better way to store the user auth token on the client side, "Local Storage" or "Cookies"?

Can anyone please suggest the better way to store the sensitive data to keep it safe from vulnerabilities?

Thanks in advance.

Mike Feltman
Chinna M

1 Answer

0

Local storage and cookies each have their own advantages and disadvantages, so before selecting your storage, consider the points below.

Cookies are more prone to CSRF attacks, so you should be careful.

Local storage tokens are domain-based, so you can't access local storage tokens from another domain or subdomain.

If the domain is not a problem, then I would recommend using local storage.

CharanRoot
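The two properties the answer mentions can be checked mechanically. The following is an added example, not code from the question or the answer: it tests whether two URLs share a localStorage area (same origin) and audits a `Set-Cookie` header for the attributes that limit CSRF exposure of a token cookie. The hostnames, cookie values and function names are constructed for illustration.

```javascript
// Constructed example: hostnames, cookie values and function names are illustrative.

// localStorage is partitioned by origin: scheme, host and port must all match.
function sharesLocalStorage(urlA, urlB) {
  return new URL(urlA).origin === new URL(urlB).origin;
}

// Parse one Set-Cookie header value into { name, value, attrs }.
// Attribute names are case-insensitive, so they are lowercased as keys.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((s) => s.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  const name = eq === -1 ? '' : pair.slice(0, eq);
  return { name, value: pair.slice(eq + 1), attrs };
}

// Report which protections a token cookie is missing.
function auditTokenCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  const sameSite = String(attrs.samesite || '').toLowerCase();
  if (sameSite !== 'strict' && sameSite !== 'lax') {
    findings.push('csrf: SameSite is not Lax or Strict; pair the cookie with a CSRF token');
  }
  if (!attrs.httponly) findings.push('script-readable: HttpOnly is not set');
  if (!attrs.secure) findings.push('cleartext: Secure is not set');
  return findings;
}

// Constructed sample headers.
const weak = 'access_token=abc123; Path=/';
const hardened = 'access_token=abc123; Path=/; Secure; HttpOnly; SameSite=Strict';

console.log(sharesLocalStorage('https://app.example.com/login', 'https://app.example.com/profile'));
console.log(sharesLocalStorage('https://app.example.com', 'https://api.example.com'));
console.log(auditTokenCookie(weak));
console.log(auditTokenCookie(hardened));
```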