Sure, using JWT has its cons, like how to handle JWT theft: the system has to have a sort of 'blacklist' feature to revoke that access, which implies keeping track of generated JWTs and creating a list in Redis or Memcache. Or using a unique secret to sign the JWT for every user, and changing it.
In a future article of this series, I'll talk about using sessions and its advantages.
Exactly. The problem is that JWTs are awesome because they're stateless, but if you're using one as a session and you have to handle all those security vulnerabilities, it starts to be stateful and loses its main benefit.
Anyways, awesome article! :)
Thanks for reading!