DEV Community

Discussion on: Demystifying JWT: How to secure your next web app

stunaz profile image
stunaz • Edited on

I would say that it depends on the use case. The most common case is for authentication/authorization. In that case if you store in cookie, IMHO why do you even need JWT in the first place. Done a tons of reading and came to the conclusion that jwt is just not secure for the web, works for a phone/tablet, gui apps.... not for the web. And whatever you do for trying to make it secure. it will look like you are implementing the old session/cookie stuff.

Having building many application with jwt cookie does not really mean anything, yeah it works, but you could also have done it simply with sessionid on cookie at this point.

Thread Thread
steventhan profile image
Steven Than

JWT thrives in microservices setting, it's a PITA having to validate session per service, especially when you have a remote authorization server