Stop Guessing: What is a JWT?
JSON Web Token (JWT)
A JWT is an open standard that defines a compact and self-contained way ...
I have used JWT before in cookies for front-end auth. Do you think it's a good idea to do that?
I think cookies are meant for long-lived tokens and JWTs are not meant to be long-lived.
The way I do it, I create a JWT and a refresh token. The JWT lasts for at most 30 minutes in my case, and the refresh token, which can just be any random string (I normally use a UUID for that token), can last up to a year but can only be used once. I personally just choose to store them in local storage, but if I wanted to use a cookie I would only store the refresh token in an HTTP cookie; that way it cannot be accessed by JS.
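The scheme described in the comment above (a 30-minute JWT plus a single-use refresh token that is a UUID and lasts up to a year), sketched server-side as an added example; it is not the commenter's or the article's code. The function names, the in-memory store, the hashed storage of the refresh token and HS256 signing with a constructed key are assumptions.

```python
import base64, hashlib, hmac, json, secrets, uuid

SECRET = secrets.token_bytes(32)   # constructed signing key for this demo
ACCESS_TTL = 30 * 60               # JWT lifetime: 30 minutes
REFRESH_TTL = 365 * 24 * 3600      # refresh token lifetime: up to one year
refresh_store = {}                 # sha256(refresh token) -> (user, expires_at)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(signing_input: str) -> str:
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_pair(user: str, now: float):
    """Mint a short-lived HS256 JWT and a fresh single-use refresh token."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": user, "iat": int(now), "exp": int(now) + ACCESS_TTL}
    body = f"{header}.{b64url(json.dumps(claims).encode())}"
    refresh_token = str(uuid.uuid4())          # random string, as in the comment
    digest = hashlib.sha256(refresh_token.encode()).hexdigest()
    refresh_store[digest] = (user, now + REFRESH_TTL)   # keep only a hash server-side
    return f"{body}.{sign(body)}", refresh_token

def verify_jwt(token: str, now: float):
    """Return the claims if the signature and expiry check out, else None."""
    try:
        header, payload, sig = token.split(".")
    except ValueError:
        return None
    expected = sign(f"{header}.{payload}")
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None                            # forged or altered token
    padded = payload + "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    return claims if claims["exp"] > now else None

def redeem_refresh(refresh_token: str, now: float):
    """Redeem a refresh token exactly once; replayed or expired tokens get None."""
    digest = hashlib.sha256(refresh_token.encode()).hexdigest()
    entry = refresh_store.pop(digest, None)    # pop makes the token single-use
    if entry is None or entry[1] <= now:
        return None
    user, _expires_at = entry
    return issue_pair(user, now)               # new JWT and a new refresh token
```

Each successful redemption returns a new JWT together with a replacement refresh token, so a refresh token that is presented a second time is rejected.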
If using refresh tokens, when would you refresh it? Would your application have a timer that lasts the duration of the JWT and automatically uses the refresh token when the timer reaches zero, or would you keep using the JWT until an error comes back then use the refresh token? Thanks.
Does the JWT change after each login, or is it constant for a user?
Thanks🤗.
Thank you for the explanation and further information; all the people answering my questions are awesome!
Thanks a lot. I have been using JWT and managing to save it to local storage or cookies, and tried to find the answer to 'is JWT constant', and finally found it.
Thanks 🎉