by antihero 3034 days ago
> do not store any sensitive information on client side data structure since you can't trust the client side

Except that the tokens are cryptographically signed, so as long as you verify them, you can trust them.
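
An added example, not part of the comment above or of any particular token library: a minimal HMAC-SHA256 signed token in which the server rejects edited claims, while the payload stays readable to whoever holds the token. The token format, the key and all function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side key for the demo; a real key comes from a secret store.
SECRET = b"constructed-demo-key-not-for-production"


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue(claims: dict, key: bytes = SECRET) -> str:
    """Return '<payload>.<tag>' where tag = HMAC-SHA256(key, payload)."""
    payload = _b64e(json.dumps(claims, sort_keys=True).encode("utf-8"))
    tag = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
    return payload + "." + _b64e(tag)


def verify(token: str, key: bytes = SECRET):
    """Return the claims if the tag is valid, otherwise None."""
    try:
        payload, tag_text = token.split(".")
        tag = _b64d(tag_text)
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison; claims are parsed only after this passes.
        if not hmac.compare_digest(tag, expected):
            return None
        return json.loads(_b64d(payload))
    except (ValueError, UnicodeError):
        return None


def read_without_key(token: str) -> dict:
    """What any holder of the token can do: decode the payload, no key needed."""
    return json.loads(_b64d(token.split(".")[0]))


def tamper(token: str, **changes) -> str:
    """Client-side edit of the claims that keeps the original tag."""
    claims = read_without_key(token)
    claims.update(changes)
    payload = _b64e(json.dumps(claims, sort_keys=True).encode("utf-8"))
    return payload + "." + token.split(".")[1]
```

Signing here gives integrity only: `verify` returns `None` for any edited or malformed token, but `read_without_key` shows the claims are not hidden from the client.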