0
votes

I've read many debates for storing JWTs in localStorage, sessionStorage or HTTP Only cookies. It seems HTTP Only Cookies are the preferred storage mechanism due to XSS susceptibility in localStorage & sessionStorage.

When using Redux, why not just keep the JWT in state? (Besides the downside of having to re-log the user on every refresh). I'm sure this is obvious.

1
What do you mean "besides"? That is the reason. - azium
Because, when you refresh your app in the browser, your store is recreated (redux state). So you will then have to again check empty JWT, ask to login. - Nagaraj Tantri

1 Answer

1
votes

Yes, it is because of the downside of having to re-log the user on every refresh.

I believe that's quite a significant reason for a good and consistent user experience.