[APPSEC] Draft guideline and rationale to use cookies for JWTs, not LocalStorage or SessionStorage #9

Open
tohch4 opened this issue Sep 17, 2020 · 1 comment

tohch4 commented Sep 17, 2020

As a Flexion security engineer, to define better application security standards regardless of customer site, I want guidance to explain that developers ought to use properly configured cookies, not LocalStorage or SessionStorage, to save sensitive session data in the claims of a JWT.

tohch4 commented May 18, 2021

It seems like it is time to revive this one as well. I will pick this one up.

tohch4 self-assigned this May 18, 2021
tohch4 removed their assignment Nov 5, 2021