xxxxxxxxxx
To keep them secure, you should always store JWTs inside
an httpOnly cookie. This is a special kind of cookie that's
only sent in HTTP requests to the server. It's never accessible
(both for reading or writing) from JavaScript running in the browser
.17-Jun-2021