Isn't the cookie posing a security risk if it stores the access token? That is why my train of thought was to store the 'access token' in the app itself, by way of a data store, and to store the refresh token in the cookie with appropriate config, so that on reload the SPA can use the refresh token to request another 'access token' and avoid a re-login for the user.


Written by Deepak Choudhary

Technology evangelist engineering solutions on weekdays and exploring life on the weekends. The joy of life lies in the gray zone.
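
The flow described in the comment above, as an added example that is not code from the original post or its author: the refresh token travels only in a locked-down cookie, the access token lives only in SPA memory, and a reload triggers a silent refresh. The cookie name, endpoint path, lifetime, in-memory session map and the rotation of the refresh token on each use are assumptions that go beyond what the comment states.

```javascript
// Added example: names, paths and lifetimes are assumptions, not from the comment.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
// Opaque random value; stands in for both token kinds (a real access token is usually signed).
const newToken = () =>
  Buffer.from(webcrypto.getRandomValues(new Uint8Array(32))).toString('base64url');

const REFRESH_PATH = '/auth/refresh';   // assumed endpoint
const sessions = new Map();             // server side: refresh token -> user id

// HttpOnly keeps the token away from page scripts, Secure keeps it off plain HTTP,
// SameSite=Strict and a narrow Path limit when the browser attaches it.
function refreshCookie(token, maxAgeSeconds = 7 * 24 * 3600) {
  return `refresh_token=${token}; Max-Age=${maxAgeSeconds}; Path=${REFRESH_PATH}; ` +
         'HttpOnly; Secure; SameSite=Strict';
}

function readCookie(header, name) {
  for (const part of (header || '').split(';')) {
    const [k, ...v] = part.trim().split('=');
    if (k === name) return v.join('=');
  }
  return null;
}

function login(userId) {
  const refresh = newToken();
  sessions.set(refresh, userId);
  return { setCookie: refreshCookie(refresh), body: { accessToken: newToken() } };
}

// Refresh endpoint: the cookie is the only credential, and the refresh token is
// rotated on every use so a replayed old value is rejected.
function handleRefresh(cookieHeader) {
  const presented = readCookie(cookieHeader, 'refresh_token');
  const userId = presented ? sessions.get(presented) : undefined;
  if (!userId) return { status: 401, setCookie: refreshCookie('', 0), body: {} };
  sessions.delete(presented);
  const next = newToken();
  sessions.set(next, userId);
  return { status: 200, setCookie: refreshCookie(next), body: { accessToken: newToken() } };
}

// SPA side: the access token is held only in a variable and is lost on reload.
let accessToken = null;
function onPageLoad(cookieHeaderSentByBrowser) {
  const res = handleRefresh(cookieHeaderSentByBrowser); // stands in for fetch(REFRESH_PATH)
  accessToken = res.status === 200 ? res.body.accessToken : null;
  return res;
}
```

Because the cookie is sent automatically by the browser, the refresh endpoint still needs the SameSite restriction (or an equivalent CSRF control) to make sure only the application's own pages can trigger it.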
