Guide

Where to store a JWT: localStorage vs cookie

Where you store a JWT in the browser changes your XSS and CSRF risk.

Try decoding a token yourselfJust paste and the header, payload and claims unfold instantly.
Open the decoder

Related