Control Systems and Computers, N6, 2020, Article 6
https://doi.org/10.15407/csc.2020.06.055
Control Systems and Computers, 2020, Issue 6 (290), pp. 55-63.
UDK 004.9
O.S. BULGAKOVA, PhD Eng. Sciences, associate professor of the Information Technologies department, V.O.Sukhomlynsky Mykolaiv National University, Nikolska str., 24, Mykolaiv, 54000, Ukraine, sashabulgakova2@gmail.com
V.V. ZOSIMOV, Doctor of Eng. Sciences, Docent, Head of the Department of Information Technologies, V.O.Sukhomlynsky Mykolaiv National University, Nikolska str., 24, Mykolaiv, 54000, Ukraine, zosimovvv@gmail.com
P.D. POPRAVKIN, Master’s student, specialty 122 Computer Science, V.O.Sukhomlynsky Mykolaiv National University, Nikolska str., 24, Mykolaiv, 54000, Ukraine, E-mail: pavel.popravkin.dm@gmail.com
STORING A JWT TOKEN IN A LOCAL VARIABLE
The article discusses the problem of storing structured information over the Internet (JSON format) in local storage and pieces of information transmitted to the browser from the site visited by the user (cookies), and a method is proposed for storing the JSON web key in a local variable inside the closure (functions that refer to into independent variables). Based on user authorization, the interaction of the JSON web key with the server is shown, and the solution to the main problems of authorization and storage of the token (JWT – JSON Web Token).
Download full text! (In English).
Keywords: JWT, token saving, local variable, Cookie, LocalStorage, CSRF attack, XSS attack.
- COURSE on Udacity “Scalable Microservices with Kubernetes by Google” . [online] Available at: < https://www.udacity.com/course/scalable-microservices-with-kubernetes–ud615>[Accessed 22 Oct.2020].
- JSON Web Tokens. [online] Available at: <jwt.io>[Accessed 21 Oct.2020].
- Cross Site Scripting (XSS) Software Attack. https://owasp.org/www-community/attacks/xss/.
- Cross Site Scripting Prevention Cheat Sheet[online] Available at: <https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html>[Accessed 22 Oct. 2020].
- Password stealing from HTTPS login page and CSRF protection bypass with reflected XSS. [online] Available at: <https://medium.com/@MichaelKoczwara/password-stealing-from-https-login-page-and-csrf-bypass-with-reflected-xss-76f56ebc4516>[Accessed 20 Oct. 2020].
- Cross-Site Request Forgery Prevention Cheat Sheet. [online] Available at: <https://cheatsheetseries.owasp.org/cheatsheets/Crossite_Request_Forgery_Prevention_Cheat_Sheet.html>[Accessed 20 Oct. 2020].
Received 27.10.2020