Security
2 articles
Why localStorage is the wrong home for your JWTs, how XSS turns it into a token vault for attackers, and what to do instead.
A post-mortem on a broken access control bug that exposed other users' data — what went wrong, how we caught it, and how to prevent it.