immortaly007@feddit.nl to Programmer Humor@lemmy.ml • SPAs were a mistake · 11 months ago

It’s a security thing. The HttpOnly cookie can’t be stolen using XSS or something like that, while a bearer token must be stored somewhere where JavaScript can see it.

immortaly007@feddit.nl to Programmer Humor@lemmy.ml • PHP is dead? · 1 year ago

Where my Java/Kotlin frameworks at?