Hi, I recently finished my voting app but kinda cheated with the authentication by using Facebook’s JS SDK.
Now I am back to studying authentication and security and one question arose.
Do I need cookies when using JWT?
From my understanding a JWT gets created and sent to the client on a successful login. The client then includes this token in every subsequent request and the server can authenticate requests with this token.
This seems cookie-esque to me, but now I read about how insecure localStorage is and that a JWT should be saved in a cookie.
(EDIT: to clarify: it seems redundant to store the token in a cookie, but maybe I am missing something)
That seems so weird to me. I’d really appreciate it if someone could shed some light on this.