This was a fun trip! I've been looking into JWTs a lot recently and at first I was scared there's such an easy cracker. I can only guess that if your secret is long enough (not 4 characters) that it's not going to be cracked quite so easily.
Yes I agree. I did read a few articles while doing some further research later that suggests JWTs shouldn't be used for session management, but I won't pretend to be an expert.I'm fairly certain storing the data in a HTTPS-only cookie would not yield the same result.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
This was a fun trip! I've been looking into JWTs a lot recently and at first I was scared there's such an easy cracker. I can only guess that if your secret is long enough (not 4 characters) that it's not going to be cracked quite so easily.
Cool challenge though!
Yes I agree. I did read a few articles while doing some further research later that suggests JWTs shouldn't be used for session management, but I won't pretend to be an expert.I'm fairly certain storing the data in a HTTPS-only cookie would not yield the same result.