
Let's say I have implemented token-based authentication, and what I do is store the token in the LocalStorage of the web browser.

Everything is fine but I have not taken care of the hack.
I mean, since the token is in the browser storage for, let's say, 1 min, hackers can still hack it in 1 min.

How to face that? Or any new approach to cover it up?

What I have tried:

Tried Googling but didn't find anything specific
Updated 20-Dec-18 1:59am

1 solution

This depends a bit on the level of control that you have over what is in the JavaScript included on your page. If all you are ever going to have is your own JS and you don't use any third-party frameworks or libraries, then the local store is fine.

If you think you might ever use an external library, though, you might need another method. An interesting one I've seen revolves around the use of httpOnly, digitally-signed cookies with embedded session tokens.

I found a very comprehensive write-up about the problem and solutions here:
Please Stop Using Local Storage - DEV Community
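The httpOnly, digitally-signed cookie approach mentioned in the solution, sketched as an added example that is not part of the original answer or of any linked article. It assumes Node.js on the server; the cookie name `session`, the function names and the per-process key are hypothetical choices made for illustration.

```javascript
// Added example: HMAC-signed session cookie delivered with HttpOnly.
const crypto = require("node:crypto");

// Assumption: a real deployment loads this key from a secret store so it
// survives restarts; a random per-process key keeps the example self-contained.
const SIGNING_KEY = crypto.randomBytes(32);
const MAX_AGE_SECONDS = 60; // the 1-minute lifetime used in the question

function sign(payload, key) {
  return crypto.createHmac("sha256", key).update(payload).digest("base64url");
}

// Build the Set-Cookie header value for a session token (must not contain ".").
function issueSessionCookie(sessionToken, nowMs = Date.now(), key = SIGNING_KEY) {
  const expires = Math.floor(nowMs / 1000) + MAX_AGE_SECONDS;
  const payload = `${sessionToken}.${expires}`;
  const value = `${payload}.${sign(payload, key)}`;
  // HttpOnly: not exposed through document.cookie, so page scripts
  //           (including third-party libraries) cannot read the token.
  // Secure: sent over HTTPS only. SameSite=Strict: not sent cross-site.
  return `session=${value}; Max-Age=${MAX_AGE_SECONDS}; Path=/; ` +
         "HttpOnly; Secure; SameSite=Strict";
}

// Return the session token if the Cookie request header carries a correctly
// signed, unexpired cookie; otherwise return null.
function verifySessionCookie(cookieHeader, nowMs = Date.now(), key = SIGNING_KEY) {
  const match = /(?:^|;\s*)session=([^;]+)/.exec(cookieHeader || "");
  if (!match) return null;
  const parts = match[1].split(".");
  if (parts.length !== 3) return null;
  const [token, expires, mac] = parts;
  const expected = Buffer.from(sign(`${token}.${expires}`, key));
  const given = Buffer.from(mac);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  // The expiry is covered by the signature, so the client cannot extend it.
  if (!/^\d+$/.test(expires) || Number(expires) * 1000 <= nowMs) return null;
  return token;
}
```

The signature only proves the server issued the value; the token itself should still be a random identifier looked up server-side, for example `crypto.randomBytes(16).toString("hex")`.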

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
