DEV Community

loading...

Discussion on: JSON web tokens are NOT meant for authenticating the same user repeatedly: Use session tokens instead

Collapse
adrach profile image
Andrew Drach

PS JWT do not need to be ever stored in any DB as they provide stateless access and we just beed to verify signature, so no, nothing like session tokens

Collapse
jessekphillips profile image
Jesse Phillips

Any chance you could produce a counter post.

The author didn't say JWT tokens were to be stored in a database, that was in context of a refresh token.

Maybe putting an article together to tackle the actual content of this one will help everyone be clearer on what is the correct process and why.

Forem Open with the Forem app