re: Token vs Session Authentication


I prefer JSON Web Tokens too, but it's not true that you can't scale well with cookies. You can use connect-redis with express-session, which will make it faster (you can still have multiple replicas of your API). Not to mention cookies are more secure than JWT tokens. If someone puts sensitive information in the payload, you are screwed, because anyone can decode the payload of the JWT token. It's just a base64 value.

In the end, it will depend on what you are building. :)

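The point in the comment above about payloads being readable, shown as an added example that is not part of the original comment: a signed JWT's claims decode without the secret, and the secret is only needed to check integrity. The helper names, the sample token and the deny-list of claim names are assumptions made for this illustration.

```javascript
// Added example: a signed JWT (compact JWS) is base64url-encoded, not encrypted.
const crypto = require('crypto');

const b64url = (s) => Buffer.from(s).toString('base64url');

// Sign an HS256 token (hypothetical helper, for this demo only).
function signHS256(payload, secret) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret)
    .update(`${header}.${body}`).digest('base64url');
  return `${header}.${body}.${sig}`;
}

// Read the claims WITHOUT the secret: any holder of the token can do this.
function decodePayload(token) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
}

// Integrity check: the only step that requires the secret.
function verifyHS256(token, secret) {
  const [header, body, sig] = token.split('.');
  if (!header || !body || !sig) return false;
  const expected = crypto.createHmac('sha256', secret)
    .update(`${header}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

// Hypothetical deny-list: claim names that should never appear in a payload.
const SENSITIVE = /pass(word)?|secret|ssn|card|api[_-]?key/i;
function sensitiveClaims(token) {
  return Object.keys(decodePayload(token)).filter((k) => SENSITIVE.test(k));
}

// Constructed sample token and secret.
const token = signHS256(
  { sub: '42', role: 'user', password: 'hunter2' }, 'server-secret');
console.log(decodePayload(token));              // claims, read with no key
console.log(sensitiveClaims(token));            // claim names to remove
console.log(verifyHS256(token, 'wrong-guess')); // signature check fails
```

A check like `sensitiveClaims` fits in a unit test around the code that issues tokens, so a sensitive claim is caught before a token reaches a client.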