We want to store a jwt and sometimes other data as well. We usually used sessionStorage for this, but we know this is not safe. So we want to create a new form of storage. Many people said that JWT and other information could be stored inside the cookie. Is this true or is there a safer way?
In short: Use cookies!
Any script that's being executed on your page can access both localStorage and sessionStorage, so it's significantly more risky.
More on the subject here
For more details on how to properly configure a cookie entry for maximum security (httpOnly, sameSite and other flags) read here.
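As an added example (not part of the answer above, and not code from any particular framework), here is a small Node.js helper that builds a `Set-Cookie` header for a JWT with the flags the answer mentions (HttpOnly, Secure, SameSite), plus an audit function that lists which of those flags an existing header lacks. The `__Host-` prefix, the option names and the sample token are my own choices; the token value is constructed, not a real credential.

```javascript
// Build a Set-Cookie header value for a session token so that page scripts
// cannot read it (HttpOnly) and the browser only sends it over TLS (Secure).
// The option names below are this example's own; they are not a library API.
function buildSetCookie(name, value, opts = {}) {
  const {
    httpOnly = true,      // hide the cookie from document.cookie
    secure = true,        // only transmit over HTTPS
    sameSite = 'Strict',  // 'Strict' | 'Lax' | 'None' ('None' requires Secure)
    path = '/',
    maxAge,               // lifetime in seconds; omit for a session cookie
    hostPrefix = true,    // __Host- prefix: browser enforces Secure, Path=/ and no Domain
  } = opts;

  if (/[;,=\s]/.test(name)) {
    throw new Error('cookie name must not contain ";", ",", "=" or whitespace');
  }
  if (sameSite === 'None' && !secure) {
    throw new Error('SameSite=None requires the Secure flag');
  }
  if (hostPrefix && (!secure || path !== '/')) {
    throw new Error('__Host- prefix requires Secure and Path=/');
  }

  // JWTs are base64url plus dots, which encodeURIComponent leaves untouched;
  // any other value is percent-encoded so it cannot smuggle in extra attributes.
  const parts = [`${hostPrefix ? '__Host-' : ''}${name}=${encodeURIComponent(value)}`];
  parts.push(`Path=${path}`);
  if (maxAge !== undefined) parts.push(`Max-Age=${Math.floor(maxAge)}`);
  if (httpOnly) parts.push('HttpOnly');
  if (secure) parts.push('Secure');
  parts.push(`SameSite=${sameSite}`);
  return parts.join('; ');
}

// Audit an existing Set-Cookie header value and return the hardening flags it lacks.
// Useful for checking what a server actually emits before trusting it with a token.
function auditSetCookie(header) {
  const attrs = header.split(';').slice(1).map((a) => a.trim().toLowerCase());
  const has = (flag) => attrs.includes(flag);
  const sameSite = attrs.find((a) => a.startsWith('samesite='));
  const findings = [];
  if (!has('httponly')) findings.push('missing HttpOnly: readable by any script on the page');
  if (!has('secure')) findings.push('missing Secure: may be sent over plaintext HTTP');
  if (!sameSite) findings.push('missing SameSite: browser default behaviour varies');
  else if (sameSite === 'samesite=none' && !has('secure')) {
    findings.push('SameSite=None without Secure is rejected by browsers');
  }
  return findings;
}

// Constructed sample token (not a real JWT) to show the two functions together.
const SAMPLE_TOKEN = 'eyJhbGciOiJIUzI1NiJ9.e30.constructed-signature';
const hardened = buildSetCookie('session', SAMPLE_TOKEN, { maxAge: 3600 });
console.log(hardened);
console.log('hardened findings:', auditSetCookie(hardened));
console.log('weak findings:', auditSetCookie('session=' + SAMPLE_TOKEN + '; Path=/'));

module.exports = { buildSetCookie, auditSetCookie };
```

The server sets the header on the login response; the browser then attaches the cookie to matching requests on its own, so the front end never needs to read the token, which is exactly why `HttpOnly` can be turned on. Choosing `SameSite=Strict` also limits the cookie to same-site requests, which is the usual default for a session cookie unless the application needs cross-site navigation to stay logged in.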