Having used both JWTs and traditional session ids, I agree that JWTs are probably not the best tool for a typical project. Where I have found them very useful is when passing a user's credentials between several back-end systems that all trust the server that granted the JWT and each want to do their own authentication or authorization.
Indeed. Between backend systems we don't expose to the public sending all the data self-contained makes sense. However, you really have to wonder if sending all your data upfront to the browser is the best call, though it's a common pattern.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Having used both JWTs and traditional session ids, I agree that JWTs are probably not the best tool for a typical project. Where I have found them very useful is when passing a user's credentials between several back-end systems that all trust the server that granted the JWT and each want to do their own authentication or authorization.
Indeed. Between backend systems we don't expose to the public sending all the data self-contained makes sense. However, you really have to wonder if sending all your data upfront to the browser is the best call, though it's a common pattern.