
Isn't JWT a modern alternative to CSRF tokens?


It's not. If you think it is, you probably store JWT unsafely instead of in an httpOnly secure cookie.


Why do you think storing JWT in a secure cookie is the only secure solution?



