Does token-based authentication require storing the token in a DB ... | Token-based authentication: where to store the token
If you are building a web application, you have a couple of options:
HTML5 Web Storage (localStorage/sessionStorage)
Cookies
If you compare these approaches, both receive a JWT down to the browser. Both are stateless because all the information your API needs is in the JWT. Both are simple to pass back up to your protected APIs. The difference is in the medium.
Web Storage (localStorage/sessionStorage) is accessible through JavaScript on the same domain. This means that any JavaScript running on your site has access to web storage, which makes it vulnerable to cross-site scripting (XSS) attacks. XSS in a nutshell is a type of vulnerability where an attacker can inject JavaScript that will run on your page. Basic XSS attacks attempt to inject JavaScript through form inputs, where the attacker puts <script>alert('You are Hacked');</script> into a form to see if it is run by the browser and can be viewed by other users.
As a storage mec...