Exactly. The problem is that JWT's are awesome because they're stateless, but if you're using it as a session and you have to handle all those security vulnerabilities - it starts to be stateful and loses its main benefit.
Anyways, awesome article! :)
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.