Authentication Security Laravel

Hello, I am creating my first web app. I created 2 projects for the application, using Vue.js on the frontend and PHP Laravel.

I have successfully created authentication from Vue.js to PHP Laravel 7 using Sanctum's API token for authentication; however, I do have some questions regarding the API token.

The token is saved in localStorage so that it can survive a page refresh. Is there a more secure way of keeping the API token secure? And is it recommended to keep the API token until the user logs out? I am new to the web stack but I'm very keen on learning the Vue.js + Laravel web stack.

Also, how do we prevent token hijacking? Because it looks like I can just copy my API token from the browser and use it in the Postman application. It's okay for me to do it, but how do we prevent other people from doing it on my web app?

Last updated 3 years ago.


Laravel.io

The Laravel portal for problem solving, knowledge sharing and community building.

© 2025 Laravel.io - All rights reserved.