Local Storage or Cookie, where is it best to store an authorization token?


5

We have a project in which we will use an authorization token. We're using AngularJS for the front end, the back end is developed in Java using Spring Framework and Spring Security, and we send the token in a header.


But my question is:

What is the best place to store the authorization token on the client side, Local Storage or cookies, and what is the difference between the two?

1 answer

4


Depends!

With cookies, you don't have to worry about sending the token with each request, as the browser takes care of this and of other things, like:

  • send the cookie only to the domain in which it was allowed;
  • control of the expiration time;
  • you may have different cookies sent by path, within the same domain;

Cookies have a size limitation (4 KB) when compared to localStorage (5 MB), but for storing tokens this will not be a problem.

But if you are working with OAuth, for example, which will commonly require you to manage two tokens (the authorization token and the renewal token), and the advantages of cookies are not relevant in your context, it is best to keep both in localStorage, for the sake of organisation.

This would be my position from an implementation standpoint. Each solution also has security issues that should be taken into account, as both are vulnerable to some types of attack (XSRF, XSF and XSS).

  • It is authentication without OAuth; do you find it more advantageous to use cookies, then? In fact we should have thought about authentication at the beginning of the project; we are changing it now and taking care not to compromise what we already have ready

  • 1

    @Felipepaetzold, in general, I think so. If you expect to need flexibility in the future, give localStorage careful consideration. There are security issues involved as well (look up XSRF, XSF and XSS) for each solution, and the cookie ends up being more vulnerable. You need to understand your context to know what will be best :)

  • All right, it helped a lot, thanks (:
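
The browser behaviour the answer lists for cookies (domain scope, expiry, path scope), modelled as an added example that is not part of the original question, answer or comments. It follows the RFC 6265 matching rules and contrasts them with a token in localStorage, which application code must attach itself; the hosts, the `authToken` key, the `Bearer` scheme and the `Secure` flag check are assumptions for illustration.

```javascript
// Added example: models when a browser attaches a cookie to a request.
// Hosts, paths, key names and token values below are constructed sample data.

function domainMatches(host, cookieDomain) {
  const h = host.toLowerCase();
  const d = cookieDomain.toLowerCase().replace(/^\./, "");
  return h === d || h.endsWith("." + d); // exact host or a subdomain of it
}

function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  // "/api" covers "/api/users" but not "/apiv2"
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Would the browser send `cookie` with a request for `url` at time `nowMs`?
function browserSendsCookie(cookie, url, nowMs) {
  const u = new URL(url);
  if (cookie.expiresAtMs <= nowMs) return false;              // expiration time
  if (cookie.secure && u.protocol !== "https:") return false; // Secure attribute
  const hostOk = cookie.hostOnly                              // no Domain attribute set
    ? u.hostname === cookie.domain
    : domainMatches(u.hostname, cookie.domain);
  return hostOk && pathMatches(u.pathname, cookie.path);
}

// A token in localStorage has none of these rules: the application decides
// when to read it and which requests carry it (assumed key and scheme).
function authHeaderFromStorage(storage) {
  const token = storage.getItem("authToken");
  return token ? { Authorization: "Bearer " + token } : {};
}

const issuedAt = Date.UTC(2024, 0, 1);
const sessionCookie = {
  name: "AUTH", value: "sample-token", domain: "app.example.com", hostOnly: true,
  path: "/api", secure: true, expiresAtMs: issuedAt + 30 * 60 * 1000,
};

function demo() {
  const now = issuedAt + 1000;
  return ["https://app.example.com/api/users", "https://app.example.com/apiv2/x",
          "https://other.example.com/api/users", "http://app.example.com/api/users"]
    .map((url) => [url, browserSendsCookie(sessionCookie, url, now)]);
}

console.log(demo());
```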
