JWT in HTTP-Only Cookies
Hi, everyone! I am Osman Zakir and this is my first post on Hashnode.
I wanted to talk about JWTs, namely something about putting them in HTTP-only cookies that I've noticed is never mentioned in any tutorial I've read. I thought I'd try to fill that gap. People can figure this out on their own, yes, but I think this will make it easier.
When you're developing a full stack app where your client and server are running on separate ports on localhost, you need to set secure: true and sameSite: "none" on the cookie.
But of course, for secure cookies to work, you have to serve your site (both server and client) over HTTPS. And securing localhost is a headache. I had to give that up and deploy my app while still in development to get it to work. But I'm still having issues with CORS policy.
I'm sorry if this got too long-winded. I hope this will prove useful to some people.