
Untitled

a guest
Aug 25th, 2019
# Should the client or the server take more security precautions?

The server should take more security precautions, but both should be done.

# What's the difference between local storage and session storage?

Local storage will store data for an infinite amount of time; session storage
only stores it until the window/tab is closed.

# What problem does a JWT expiry time solve?

Users being authenticated for a prolonged period of time by staying logged
in with the tab open. Closes a security loophole that could be exploited
by a malicious individual.

# Is a refresh endpoint protected or public?

Protected.

# What would happen if a refreshed JWT was requested with a JWT that had already expired?

It would be a bad request (400).

# What does it mean to queue a callback?

To put the callback into a queue for a certain time/after a certain action.

# What does the clearTimeout function do and what argument do you pass into it?

The clearTimeout function allows us to remove a timeout function on a specific event.
Essentially, this allows us to reset a timeout function during some activity with our
program/website.

# After which of the following events should a refresh request be queued?

- Successful login
- Successful registration
- A page load
- Successful API request to post
- Successful refresh request
- A push state navigation event

# What is OIDC?

OpenID Connect. It's an open source authentication tool that offers greater security than JWT.