Update: JSON_Web_Token_for_Java_Cheat_Sheet

Open Tib3rius opened this issue 6 months ago • 8 comments

What is missing or needs to be updated?

The Token Storage on Client Side page recommends using Session Storage over Local Storage, seemingly because Local Storage persists between browser restarts (accurate); however, it makes no mention of the fact that Session Storage is implemented per-tab and not per-site. That is, if example.com adds some item to Session Storage, and a user then opens a new tab through any method other than "duplicate tab" (e.g. right-click -> open link in new tab), the new tab will have a completely new (and empty) Session Storage instance, even if the user goes to example.com.

Since opening things in multiple tabs is pretty common user behavior, it is not realistic (IMO) for the recommended method to be implemented by developers.

How should this be resolved?

Honestly, I think the recommendation should be to use Local Storage but with tokens that have short expiration times. There's no perfect solution, but Session Storage doesn't work at all so it's surprising to see it being recommended.

Tib3rius, Jul 29 '24 23:07
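
The per-tab behaviour described in the issue above, together with its suggested short-lived Local Storage token, as an added JavaScript example that is not part of the issue or the cheat sheet. `MemoryStorage`, `openTab`, `TOKEN_KEY`, `loadToken` and the sample token are constructed stand-ins so it runs outside a browser; the tab model follows the issue's description.

```javascript
const TOKEN_KEY = "access_token"; // hypothetical key name
// Stand-in for the Web Storage API so the example runs outside a browser.
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  removeItem(key) { this.items.delete(key); }
}
// Tab model as the issue describes it: Local Storage is shared by all tabs,
// while each newly opened tab gets its own empty Session Storage.
const openTab = (shared) => ({ localStorage: shared, sessionStorage: new MemoryStorage() });

// Read `exp` (seconds since epoch) from a JWT payload. No signature check:
// this only drives client-side cleanup, the server still validates the token.
function jwtExpiry(token) {
  const parts = token.split(".");
  if (parts.length !== 3) return null;
  try {
    const b64 = parts[1].replace(/-/g, "+").replace(/_/g, "/");
    const payload = JSON.parse(atob(b64 + "=".repeat((4 - (b64.length % 4)) % 4)));
    return typeof payload.exp === "number" ? payload.exp : null;
  } catch { return null; }
}

// Return the stored token while it is still valid; otherwise delete it.
function loadToken(storage, nowSeconds) {
  const token = storage.getItem(TOKEN_KEY);
  const exp = token === null ? null : jwtExpiry(token);
  if (exp !== null && exp > nowSeconds) return token;
  storage.removeItem(TOKEN_KEY); // expired, malformed or absent
  return null;
}

// Constructed sample token (placeholder signature) with the given expiry.
function sampleToken(exp) {
  const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "HS256", typ: "JWT" })}.${enc({ sub: "demo", exp })}.constructed-signature`;
}

// Scenario from the issue: log in on tab A, then open the site in a new tab B.
function newTabScenario(now = 1000) {
  const shared = new MemoryStorage(), tabA = openTab(shared);
  const token = sampleToken(now + 300); // 5-minute lifetime
  for (const s of [tabA.sessionStorage, tabA.localStorage]) s.setItem(TOKEN_KEY, token);
  const tabB = openTab(shared);
  return { sessionInTabB: loadToken(tabB.sessionStorage, now),
           localInTabB: loadToken(tabB.localStorage, now) === token,
           localAfterExpiry: loadToken(tabB.localStorage, now + 301) };
}
```

In a browser, pass `window.localStorage` to `loadToken` in place of the stand-in.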