Secure Authentication Patterns
Token storage (memory vs localStorage vs httpOnly cookie), silent refresh, logout on tab close.
Tokens and Where They Live
SPAs authenticate with tokens, but where you store them decides your XSS and CSRF exposure. The modern pattern splits a short-lived access token from a long-lived refresh token, each stored differently.
The localStorage Problem
Storing tokens in localStorage is convenient but dangerous: any XSS-injected script can read it and exfiltrate the token. Avoid putting credentials there.
// AVOID
localStorage.setItem("token", accessToken);All lessons in this course
- XSS Prevention in Vue
- Content Security Policy (CSP) with Vue
- CSRF Protection in Vue SPAs
- Secure Authentication Patterns