Hello,
I’m working on a project with the following setup:
- Frontend: React application
- Middleware: Forge (Node.js)
- Backend: Separate backend service
I’m looking for advice on how to securely store JWT tokens in this architecture. I prefer not to use session storage or local storage for storing tokens.
My main question is whether it is feasible to use HTTP-only cookies for token storage when working with the middleware. Can HTTP-only cookies be set and managed from the middleware, and if so, what is the recommended approach for implementing this?
Thank you!