[Solved] Go-to path for JWT tokens

What's your go-to path for JWT tokens?

I currently store the a_session_projectid as a cookie, but secure and without HTTPOnly. Normally you should use HTTPOnly but I don't want to create a new JWT token for every request. Or should I?

The token is as you said 15 minutes valid. Do I store it for 15 minutes and create a new one after that? Do I check for the JWT validation the entire time to create a new one? 😄

or do I just create a JWT token every time I do a request? (Which is a lot)

I think in general, the JWTs are really intended for one-off use where a function/script needs to act as a specific User

They're not really intended for long-term use

So you think the a_session_projectid token should just be without HTTPOnly?

In general, sensitive tokens should be with, however this makes it unreadable for JS

(and there's only one token 😄 )

I think you should probably be using the Cookies instead

The header?

Yeah. Cookie auth is intended to be used the way you're using JWTs

Thanks, will do!

If your issue has been solved, you can close this post by adding “[SOLVED]” to the beginning of the title

You actually opened up a whole new scene for me haha. I am really grateful. Thanks!

[Solved] Go-to path for JWT tokens