Adel Benyahia
Nov 14, 2022


First, thanks for your article 👍
I will add:
1. Using localStorage to store the token is less secure, because it is easily accessible using JavaScript; an attacker can retrieve your token and use it later.

Using httpOnly cookies is more secure, because they are not accessible using JavaScript.

2. You have to hash passwords before saving them to the database, using bcrypt.

3. It's safer to use two tokens: an access token with a long expiration time that we store in cookies and generate only once after login, and a refresh token with a relatively shorter one (1 day, for example) saved in memory, in a global state for example.

A working example here:
https://github.com/adelpro/MERN-auth-roles-boilerplate


Adel Benyahia

Web application developer (HTML │ CSS │ JS │ ReactJS │ NextJS │ NestJS │ MERN)