token storage for web and native mobile
I am building a desktop/mobile website along with an native app. There is one thing I can’t figure out how to do it properly. That is the auth token storage management.
From the documentation/tutorial, most of them are using the Localstorge to store the token. But it is vunerable to xss attacks.
Also, for native mobile app can we use the device storage instead?Like AsyncStorage in react native. If so, how do we do that in same codebase?
dobbel last edited by
maybe this article will help:
@dobbel thanks for the article.
According to the article, seem there are lot things to do to prevent xss attack.
Still not convincing enough.
for eg from the article recommendation:
Go through every line of code to ensure you do not have XSS vulnerabilities.
Even I can do this, but still might have vulnerabilities in Quasar, or even Vue itself. and also might overlook the vulnerabilities as well.
All this seem not piratical to do in real life.