Search code examples

How to save a token in a local storage (or cookie)?

I am trying to implement a login function in an app. Currently, I could register a login, generate a jwt token. However, I do not know how to store this token in a cookie (or local storage). I have a middleware that would require a user to send a token in each request which is private. In postman, I could put 'x-auth-token' and a token in a header. Many of the tutorials use passport, cookie-parser which seemed kinda complicated. Are there any other easier ways? I saw in the express document that there were res.cookie('x-auth-token', token); available too, I tried it but it didn't work. I also tried window.localStorage.setItem('x-auth-token', token);, still didn't work.

I have tried something super simple which is to simply put a token in a localStorage. window.localStorage.setItem('x-auth token', token); However, it didn't work.


const jwt = require('jsonwebtoken');
const config = require('config');

// middleware function, next so it moves on to the next middlware
module.exports = function(req, res, next) {
  //get the token from header
  const token = req.header('x-auth-token');

  //Check if not token
  if (!token) {
    return res.status(401).json({ msg: 'No token, authorization denied' });

  //Verify token if exist
  try {
    const decoded = jwt.verify(token, config.get('jwtSecret'));
    req.user = decoded.user;
  } catch (err) {
    res.status(401).json({ msg: 'Token is not valid' });


// @ route    POST api/users
// @desc      Register User
// @access    Public
    check('name', 'Name is required')
    check('email', 'Please include a valid email').isEmail(),
      ' Please enter a password with 6 or more characters'
    ).isLength({ min: 6 })
  async (req, res) => {
    const errors = validationResult(req);
    if (!errors.isEmpty()) {
      return res.status(400).json({
        errors: errors.array()
    const { name, email, password } = req.body;

    try {
      // See if user exists, have to be unique
      let user = await User.findOne({ email });
      if (user) {
        return res
          .json({ errors: [{ msg: 'User already exists' }] });
      // Get users gravatar
      const avatar = gravatar.url(email, {
        s: '200',
        r: 'pg',
        d: 'mm'
      user = new User({

      //encrypt password
      const salt = await bcrypt.genSalt(10);

      user.password = await bcrypt.hash(password, salt);
      // anything that return a promise, we have to put await !!
      //return jsonwebtoken
      const payload = {
        user: {

        { expiresIn: 60 * 60 * 100 },
        (err, token) => {
          // window.localStorage.setItem('x-auth-token', token);
          res.json({ token });
          res.cookie('x-auth-token', token);
          // req.flash('You seccessfully registered your account');
          // res.redirect('/user/login');
    } catch (err) {
      res.status(500).send('Server error');


<!DOCTYPE html>
<html lang="en">

    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="/css/main.css">
    <link rel="stylesheet" href="/css/register.css">
    <link href="" rel="stylesheet">
    <script src=""></script>

    {{!-- for auto-reload --}}
    <script src="/reload/reload.js"></script>
    <script src="/javascript/main.js"></script>

    <title>Idea Share</title>


    <nav class="navbar bg-dark">
        <h1><a href="/">Idea Share</a></h1>
            <a href="/signup">
                <li>Sign up</li>
            <a href="/signup">
                <li>Log in</li>
    <div class="container">



<div class="height-container">
    <div class="vertical-align">
        <div class="register-form">
            <h1>Create your account</h1>
            <form class="form" action="/api/users" method="post">
                <div class="form-group">
                    <input name="name" type="text" placeholder="Name" requried>

                <div class="form-group">
                    <input name="email" type="email" placeholder="E-mail">

                <div class="form-group">
                    <input name="password" type="text" placeholder="Password" minlength="6">
                <input onclick="loginUser()" type="submit" value="Create account" class="button green-button" />
            <p>Already have an account? <a href="/signin">Sign in</a></p>


<div class="height-container">
    <div class="vertical-align">
        <div class="idea-form">
            <h1>Share your idea</h1>
            <form class="form" action="/api/posts" method="post">
                <div class="form-group">
                    <input type="text" placeholder="What is your idea?" name="title" requried>

                <div class="form-group">
                    <input type="text" placeholder="Let us know more detail. What is the story. How did you come up with it? 
Why do you think people would need it etc" name="body">
                <input "type=" submit" value="Post" class="button green-button" />



  • You cannot save item to localstorage in nodejs. First sent your Response to client side and save the the res token to Browser local storage using localStorage.setItem('x-auth-token', token);.

    on client side use your token as :-'/', userCredentials).then(response => {
        window.localStorage.setItem('x-auth-token', response.token)