Open
Description
I read that Web Storage (localStorage/sessionStorage) does not protect against XSS attacks, and cookies are the preferred way of verifying a user. What are your thoughts on this? https://stormpath.com/blog/where-to-store-your-jwts-cookies-vs-html5-web-storage
Also, I was trying to figure out how to make the user's ID available with this in GraphQL. Do I need to pass the JWT token manually in every GraphQL request that requires authentication? That sounds like a bit of a pain...
EDIT
I figured out the second part of my question (it's automatically handled by Apollo in networkInterface.use() from client/index.js).