as shown in the title:
because the front and rear ends are separated from each other, jwt is used as a token to save user information.
token is easy to be attacked by XSS when placed in localstorage, so I thought of using httpOnly"s cookie to save token information.
but the front and back end is cross-domain, and the back-end set-cookie has no effect. It"s stuck here right now. I hope the boss can help solve it