The Laravel team suggests using the cookie approach, so that is what I prefer to use. The main reason for this is security. While I am not an expert in security, my understanding is that the cookie cannot be tampered with or used via another device. A Bearer token is normally stored in local storage to maintain state in your SPA. If you don't store it somewhere, you would have to continually authenticate your user, which would be very annoying. Anything stored in local storage is available for someone else to see, and therefore someone could get hold of the stored Bearer token and use it maliciously. What you would normally do with the token method of authorisation is set a very low expiry time to minimise the risk of a token being usable if stolen. Mohamed from the Laravel team explains things here: https://www.youtube.com/watch?v=Kd3hcrxtTHA
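The two client-side modes the reply contrasts, written out as an added example (this is not code from the discussion or from Laravel). It assumes the SPA uses Sanctum's documented cookie flow, where the server sets an `XSRF-TOKEN` cookie that the client echoes back as an `X-XSRF-TOKEN` header, and that in token mode the token is kept in `localStorage` together with the time it was saved; `API_BASE`, the `auth` storage key, and the in-memory storage stand-in are assumptions made for the example. The cookie-mode request never touches the session identifier itself, because an HttpOnly cookie is not exposed to page scripts; the token-mode store has to compensate with a short lifetime, which is the mitigation the reply describes.

```javascript
// Added example (not from the discussion): the two client-side authentication
// modes described above, modelled as plain functions so they run offline.
// Assumed: the API lives at API_BASE, the SPA uses Laravel Sanctum's documented
// cookie flow (XSRF-TOKEN cookie echoed back as X-XSRF-TOKEN), and the token
// flow stores the token with the time it was saved and a short TTL.

const API_BASE = "https://api.example.test"; // assumed host

// Parse a document.cookie-style string ("a=1; b=2") into an object.
// HttpOnly cookies (such as the Laravel session cookie) never appear in
// document.cookie, which is the point of the cookie approach: page scripts,
// including injected ones, cannot read the session identifier.
function parseCookies(cookieString) {
  const out = {};
  for (const part of cookieString.split(";")) {
    const idx = part.indexOf("=");
    if (idx < 0) continue;
    const name = part.slice(0, idx).trim();
    if (!name) continue;
    out[name] = part.slice(idx + 1).trim();
  }
  return out;
}

// Cookie mode: the browser attaches the HttpOnly session cookie itself; the
// script only opts in with credentials: "include" and echoes the CSRF token.
// Laravel URL-encodes the XSRF-TOKEN cookie value, hence decodeURIComponent.
function buildCookieModeRequest(path, cookieString) {
  const cookies = parseCookies(cookieString);
  const xsrf = cookies["XSRF-TOKEN"];
  if (!xsrf) {
    throw new Error("XSRF-TOKEN cookie missing: request /sanctum/csrf-cookie first");
  }
  return {
    url: API_BASE + path,
    credentials: "include",
    headers: {
      Accept: "application/json",
      "X-Requested-With": "XMLHttpRequest",
      "X-XSRF-TOKEN": decodeURIComponent(xsrf),
    },
  };
}

// Token mode: anything in localStorage is readable by any script on the page,
// so the available mitigation is a short lifetime. The store records when the
// token was saved and refuses to hand it out after ttlSeconds.
function createTokenStore(storage, ttlSeconds) {
  return {
    save(token, nowMs) {
      storage.setItem("auth", JSON.stringify({ token, savedAt: nowMs }));
    },
    load(nowMs) {
      const raw = storage.getItem("auth");
      if (!raw) return null;
      const { token, savedAt } = JSON.parse(raw);
      if (nowMs - savedAt >= ttlSeconds * 1000) {
        storage.removeItem("auth"); // expired: drop it rather than keep sending it
        return null;
      }
      return token;
    },
  };
}

// Returns null when no usable token exists, so the caller re-authenticates.
function buildTokenModeRequest(path, store, nowMs) {
  const token = store.load(nowMs);
  if (!token) return null;
  return {
    url: API_BASE + path,
    headers: { Accept: "application/json", Authorization: "Bearer " + token },
  };
}

// Minimal in-memory stand-in for window.localStorage (constructed for the example).
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}
```

In a real SPA the cookie string comes from `document.cookie` and the storage object is `window.localStorage`; the functions above take them as parameters so the expiry logic and header construction can be exercised without a browser.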