Generally, the token is sent to the front-end when the user successfully logs in or registers successfully. The front-end can consider using cookies to store it, but don’t forget to use http-only. You can also use localStorage, sessionStorage and other mechanisms to store it, depending on your business needs. . In addition, because jwt is a base64 string generated according to certain rules, my personal suggestion is that the backend first uses AES or DES or other symmetric encryption methods to encrypt the token before issuing it to the front end. The front end brings the encrypted token before sending a request. This can increase the difficulty of cracking the token to a certain extent.
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
Putting the token in the cookie is not called JWT. The following HTTP Header needs to be used to pass it to the server
Generally, the token is sent to the front-end when the user successfully logs in or registers successfully. The front-end can consider using cookies to store it, but don’t forget to use http-only. You can also use localStorage, sessionStorage and other mechanisms to store it, depending on your business needs. . In addition, because jwt is a base64 string generated according to certain rules, my personal suggestion is that the backend first uses AES or DES or other symmetric encryption methods to encrypt the token before issuing it to the front end. The front end brings the encrypted token before sending a request. This can increase the difficulty of cracking the token to a certain extent.