4
marvvvv
8y

Hey guys what do you think about JWT? Is it mutch better for SPA applications as Sessions?

Comments
  • 0
    Looked at it a while ago but I can't see what's so yayish about it... (Pls enlighten me)
  • 2
    It's good for scalability, because you don't need to keep session state on the server. The client gets a token from an authentication service, and then attaches it to each request. Then, you just check the token validity on the server. If you have several servers, each request is independent and can go to a different one.
  • 1
    Makes life easy, but you have to be really careful about frequent token replacement and not sending information that could be used to generate a JWT seen as valid.
Add Comment