My application uses cookies to store a JWT token on the client side. The cookie has an expiry value equal to the JWT token expiry.
The user sends a login request from the client and, upon successful authentication, the server generates a JWT token containing the logged-in user's information. This token is then sent to the client in a cookie, after which the application displays the main screen.
After login, the cookie is sent in each request from the client and is validated by the server. The server extracts the JWT token from the cookie and validates the token expiry and other information before authorizing the request.
Since third-party cookies will be phased out soon, I am searching for an alternative to store my JWT token on the client side in such a way that it is available across multiple browser tabs and even if the user closes the browser.
My application is already using local storage, which can be used to store my token. However, I also need to expire and delete it when the expiry time is reached.
So, what is the alternative to third-party cookies in my case?
I am thinking of using an authorization header to send the token and storing it in local storage. But then I also need to expire it so that the client does not send the token to the server if it is expired.
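
The approach described in the question (token kept in local storage, sent in an authorization header, and dropped once its expiry has passed), sketched as an added example that is not part of the original post. `TOKEN_KEY`, the function names, the 30-second skew and the sample token are assumptions made for illustration; the client only reads the `exp` claim and does not verify the signature, so the server-side expiry validation described in the post remains the authoritative check.

```javascript
// Added example; TOKEN_KEY and all function names are hypothetical.
const TOKEN_KEY = "auth.jwt";

// In-memory stand-in for window.localStorage so this runs outside a browser.
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => { m.set(k, String(v)); },
    removeItem: (k) => { m.delete(k); },
  };
}

// Read `exp` from the payload. This does NOT verify the signature.
function readExp(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const claims = JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
    return Number.isFinite(claims.exp) ? claims.exp : null;
  } catch {
    return null;
  }
}

// Return the stored token, or delete it and return null if expired/unreadable.
function getValidToken(storage, nowSec = Math.floor(Date.now() / 1000), skewSec = 30) {
  const token = storage.getItem(TOKEN_KEY);
  if (token === null) return null;
  const exp = readExp(token);
  if (exp === null || nowSec >= exp - skewSec) {
    storage.removeItem(TOKEN_KEY);
    return null;
  }
  return token;
}

// Headers for fetch(); empty when there is no usable token.
function authHeaders(storage, nowSec) {
  const token = getValidToken(storage, nowSec);
  return token ? { Authorization: `Bearer ${token}` } : {};
}

// Constructed sample token (placeholder signature), for demonstration only.
function sampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ sub: "user-1", exp })}.constructed-signature`;
}
```

In a browser, pass `window.localStorage` as `storage`; it is shared by all tabs of the same origin and persists after the browser is closed. Anything kept there is readable by any script running on the page, unlike an `HttpOnly` cookie.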