I have a question about JWT when creating a website. I want to check the rights and status of users: the token, userID, user.role and islogin. I store these variables in localStorage because I want to use them in the frontend to check all the time whether the user is logged in. Even if the user closes the browser and comes back, they should still be logged in. So I wonder if I'm doing it right, or if there is a guideline for doing it the correct way.
It's a personal project, but I want to know how to create a website with good UX for the user that is also simple and secure.
Storing JWTs and other critical details in local storage is not a good practice. This has associated security risks.
Persisting the login details so the frontend can re-examine whether the user is logged in can be handled by storing some sort of flag, e.g. isLoggedIn. The JWT token has to be in a cookie, and mark that httpOnly.