Which of the following is a best practice when storing refresh tokens in a NestJS application?

easy📝 Conceptual Q2 of 15
NestJS - Authentication
A. Store refresh tokens in localStorage for easy access
B. Store refresh tokens in HTTP-only cookies to prevent JavaScript access
C. Send refresh tokens in URL query parameters
D. Store refresh tokens in plain text files on the server
Step-by-Step Solution
Solution:
  1. Step 1: Identify secure storage methods for refresh tokens

    HTTP-only cookies prevent JavaScript access, reducing XSS attack risks.
  2. Step 2: Evaluate other options

    localStorage is vulnerable to XSS; URL parameters expose tokens in logs; plain text files are insecure.
  3. Final Answer:

    Store refresh tokens in HTTP-only cookies to prevent JavaScript access -> Option B
  4. Quick Check:

    Secure refresh token storage = HTTP-only cookies [OK]
Quick Trick: Use HTTP-only cookies for refresh tokens [OK]
Common Mistakes:
  • Using localStorage which is vulnerable to XSS
  • Passing tokens in URLs risking exposure
  • Storing tokens insecurely on server
