Hi
I have a client-side SPA that connects to a server-side API
Currently my authentication scheme saves a JWT in the client’s localstorage, but this is a problem when they navigate across subdomains.
The solution seems to be using cookies instead. I’d like to know whether it’s possible to embed the JWT into a cookie (so I don’t have to rewrite too much logic) and if this is an acceptable practice.