Aren’t cookies also vulnerable to XSS attacks?

… JWT, which should contain an encoded user identifier in JSON format signed by our back-end server. We put the JWT into our cookie so that we don’t have to store it in local-storage and risk XSS attacks. This is what an authentication process for a user named TheLegend27 might look like using JWTs:
Sessionless Authentication using JWTs (with Node + Express + Passport JS)
5.3K
32
Bryan Manuele (Fermi Dirak)
Abdisalan Mohamud
·Follow
1 min read·
May 18, 2019
--
Aren’t cookies also vulnerable to XSS attacks?
--
--
Written by Abdisalan Mohamud58 Followers
·102 Following
Software Engineer, YouTuber, Tech Blogger. (he/him) More about here -> https://linktr.ee/abdisalan
Responses (1)
Help
Status
About
Careers
Press
Blog
Privacy
Terms
Text to speech
Teams