User JWT sent to the browser as an HTTP-only cookie. My question is, what is the best way to communicate the display name and user database ID, etc. to the browser?
I know that information can and does be set in the JWT payload, but isn't it best practice to make that cookie (JWT) unavailable to client-side JavaScript?
I can think of two ways - setting custom response headers, or sending the data as JSON in a
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
-
About us
Disclaimer
Sitemap
-
php.cn:Public welfare online PHP training,Help PHP learners grow quickly!
Multiple cookies can be sent to the browser, and they can optionally be marked as HTTP Only, as shown below. Additionally, your server can send data/JSON in response to your browser XHR/Fetch requests.
let cookieArray = []; cookieArray.push(`displayName=${displayName}`); cookieArray.push(`id=${id}`); cookieArray.push(`email=${email}`); cookieArray.push(`token=${cookie}; HttpOnly`); response.setHeader('Set-Cookie', cookieArray);result: