node.js, security, jwt

How to store a JWT bearer token in a React application according to my story


The backend application provides an access token upon login. Additionally, I control protected routers using the Node.js Passport.js library. Furthermore, I renew the access token every 10 minutes and manage sessions with jti stored on the backend and a session table. Everything is fine up to this point. However, when I pass the token to the React side, I'm unsure where it would be more logical to store it, given what I've described. There are different methods such as in the application's memory, in localStorage, in Redux, and in cookies. I know that each has its own advantages and disadvantages. However, based on what I've explained, I haven't been able to come to a conclusion on which one to use. I would greatly appreciate your assistance in making this decision.


Solution

  • The user mentioned, "I came across this article at the link: 'https://mannharleen.github.io/2020-04-10-handling-jwt-securely-part-2/' and I believe it aligns with my thinking. In summary, we can store access_tokens in memory and refresh_tokens in cookies."
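
A sketch of the "access token in memory, refresh token in a cookie" split described above, as an added example that is not code from the post or the linked article. It assumes the backend sets the refresh token as an HttpOnly cookie and exposes a hypothetical `POST /auth/refresh` endpoint returning `{ "access_token": "..." }`; `createTokenStore` and its method names are also hypothetical.

```javascript
// The access token lives only in this closure: it is never written to
// localStorage, sessionStorage, Redux-persisted state or a script-readable cookie.
function createTokenStore(fetchImpl, refreshUrl = "/auth/refresh") { // hypothetical endpoint
  let accessToken = null;
  let inflight = null; // shared promise so parallel requests trigger one refresh

  // Read the exp claim only to schedule renewal; the server still verifies the signature.
  function expiresAt(token) {
    const b64 = token.split(".")[1].replace(/-/g, "+").replace(/_/g, "/");
    return JSON.parse(atob(b64)).exp * 1000;
  }

  // True while the token is present and not within skewMs of expiry.
  function isFresh(now = Date.now(), skewMs = 30000) {
    return accessToken !== null && expiresAt(accessToken) - skewMs > now;
  }

  // The browser attaches the HttpOnly refresh cookie; script never sees its value.
  function refresh() {
    if (!inflight) {
      inflight = fetchImpl(refreshUrl, { method: "POST", credentials: "include" })
        .then((res) => {
          if (!res.ok) throw new Error("refresh rejected: " + res.status);
          return res.json();
        })
        .then((body) => (accessToken = body.access_token)) // assumed response field
        .catch((err) => { accessToken = null; throw err; }) // force re-login on failure
        .finally(() => { inflight = null; });
    }
    return inflight;
  }

  // Wrapper for API calls: renews first if the in-memory token is missing or stale.
  async function authFetch(url, init = {}) {
    const token = isFresh() ? accessToken : await refresh();
    const headers = { ...(init.headers || {}), Authorization: "Bearer " + token };
    return fetchImpl(url, { ...init, headers });
  }

  return {
    setToken: (t) => { accessToken = t; },   // call with the login response
    clear: () => { accessToken = null; },    // call on logout
    isFresh, refresh, authFetch,
  };
}
```

After a page reload the in-memory token is gone, so the first `authFetch` call goes through `refresh()` and the cookie-backed session on the server decides whether a new access token is issued.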