If a token is stored in the local storage or a cookie, another user might be able to copy the token from one PC and use it on their own PC. How can this security issue be addressed?
I want user not access or copy our jwt Token and use it in another pc
As far as I know perfect solution does not exist. You could try to get some unique info on user’s machine to be included in JWT. But that is not always doable, and it might affect user experience. Here is some option you could try: