For every Application Security Matters
Here are some good resources to read through:
http://cryto.net/%7Ejoepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
https://www.infoworld.com/article/3184582/security/critical-flaw-alert-stop-using-json-encryption.html
https://hn.nuxtjs.org/item/16748400 (read lvh comments)
https://github.com/paragonie/paseto (a token implementation designed to work around JWT cryptographic flaws)
https://paragonie.com/blog/2018/03/paseto-platform-agnostic-security-tokens-is-secure-alternative-jose-standards-jwt-etc
https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-bad-standard-that-everyone-should-avoid
when is local storage compromised... Read through the OWASP Top 10: https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf (XSS has been one of the top 10 web exploits since 2013 and likely far before).