Explain how browser authentication works with JWTs

Explain, at a high level, how authentication typically works in a browser-based web app when using JWTs.

Cover:

• Where the token is stored (e.g., memory, localStorage , cookies) and trade-offs.
• How the browser sends the token on subsequent requests.
• Refresh tokens / session renewal patterns.
• Common security risks (XSS, CSRF) and mitigations.
• How this differs from traditional server-side sessions.