
Discussion on: JSON web tokens are NOT meant for authenticating the same user repeatedly: Use session tokens instead

Sujeet Agrahari • Edited

Ben Awad, seriously? It would have been worth reading if you had referenced the OWASP guidelines on JWT auth.

cheatsheetseries.owasp.org/cheatsh...

One more thing: the whole point of JWT is to make auth stateless, and it should not be stored on the server.
It fulfils the REST constraints that require requests to be stateless.
