Storing JWT token in the Local Storage

In the React Course, section Authentication and Authorization, Mosh is storing the JWT token in the Local Storage, but I read lots of articles saying that storing the token in the Local Storage is not secure, so, is this correct? And if it’s not secure, then what alternative can we use for storing the token?
Thank you

It’s actually OK for Mosh’s project because the Vidly app is not that complicated or does not contain complex data to be worried about, but there are some solutions:
1. Use Redux
Watch the first 10 minutes to understand how it works:

2. And take a look at this article, I hope it helps you:


I know what Redux is and I don’t want to use it in my application, and it can’t be a solution for this problem. Also, it’s not about the Vidly app, it’s about learning how things are done in React correctly. I watch the courses of Mosh because I trust that he uses the best practices, and the security measures are not related to how complex or simple an application is; every application must be secured and I must worry about any data.
Thank you for the Stack Overflow link, but it is not useful.

1 Like

What you’re learning about React is throughout the Vidly app, so it is about the Vidly app and the security of the data you are using in the Vidly app.
And the security measures are related to the complexity or simplicity of the applications. For instance, an app like Vidly that rents movies is simpler than Twitter & Telegram and has less important data, because they have millions of users as opposed to a small app like Vidly. I hope that makes sense.

And I searched about this problem and it sounds like there is only one solution for it.
Take a look at these 2 articles:

Excuse me, are you a student on this website, or are you working here to reply to students? It’s important for me to know, in order to know to whom I’m talking.

If you are just a student, I would like to know the answer from Mosh or someone who is responsible for talking on behalf of Mosh. I know how to search the internet and get answers, but I want to know Mosh’s opinion.
If you are not a student and you are working here to answer the students of Mosh, then your answer that the security depends on how complex the application is is totally wrong and not acceptable, because if someone hacks the personal information of a user, then he can use this information to hack everything related to this user, even his/her accounts on other websites. For example, I had an account on a website that didn’t secure my data; once that website was hacked, my other accounts on the internet were hacked too, because I’m using the same username and password for all these accounts.

I’m not working here as a reply guy and you are not gonna get answers from Mosh directly or from someone that talks on behalf of Mosh.
This forum is for people who took Mosh’s courses and have some difficulty understanding some complicated concepts.
If you know how to search the internet then you should probably do that, because you are not going to find a definite answer here, and searching is something that a good developer does.
And if some hacker has access to the information of a user, the hacker has access to the database that contains all the users’ information, which is what happened on Twitter 1 or 2 months ago :heart:

Man, since when have you been in the dev job? Are you new to the field? Who told you that if the hacker has access to the user information it means that he hacked the database?

Since the JWT does not contain credentials it can’t be used to hack the user’s accounts on other websites. It can only be used to use Vidly until it’s expired or revoked.

1 Like
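
What the reply above describes can be checked on a token directly. The following is an added example, not part of the thread or of the course code: it decodes a JWT payload, flags claim names that look like secrets, and reports how long the token stays usable. The claim names (`_id`, `name`, `isAdmin`), all values and the helper names are assumptions made for illustration; it runs in Node.js and does not verify the signature.

```javascript
// Added example: all claim names and values below are constructed.
function encodePart(obj) {
  return Buffer.from(JSON.stringify(obj)).toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Decode the middle (payload) segment. No key is needed: the payload is
// only base64url-encoded, so anyone holding the token can read it.
function decodePayload(token) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("expected header.payload.signature");
  const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
  return JSON.parse(Buffer.from(b64, "base64").toString("utf8"));
}

// Claim names suggesting a secret was placed in the token by mistake.
const SENSITIVE = /pass(word)?|secret|hash|card|ssn/i;

function inspectToken(token, nowSeconds) {
  const claims = decodePayload(token);
  const sensitiveClaims = Object.keys(claims).filter((k) => SENSITIVE.test(k));
  const hasExpiry = typeof claims.exp === "number";
  // Without an exp claim the token has no built-in end of life.
  const secondsLeft = hasExpiry ? Math.max(0, claims.exp - nowSeconds) : Infinity;
  const expired = hasExpiry && nowSeconds >= claims.exp;
  return { claims, sensitiveClaims, hasExpiry, secondsLeft, expired };
}

// Constructed sample tokens; the signature segment is a dummy string.
const ISSUED = 1700000000;
const header = encodePart({ alg: "HS256", typ: "JWT" });
const sampleToken = [
  header,
  encodePart({ _id: "u-123", name: "Test User", isAdmin: false,
               iat: ISSUED, exp: ISSUED + 900 }),
  "constructed-signature",
].join(".");
const noExpiryToken = [
  header,
  encodePart({ _id: "u-123", name: "Test User", iat: ISSUED }),
  "constructed-signature",
].join(".");

console.log(inspectToken(sampleToken, ISSUED + 300));
console.log(inspectToken(noExpiryToken, ISSUED + 300));
```
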

But it’s not my question, despite the fact that the hacker can take the token and use it to access my website and purchase things on my behalf on the same website. My main question is: why did Mosh use the Local Storage in the course while it’s not secure?