Before we come to a conclusion, let's make the differences between the two absolutely clear.

With sessions, you store the actual user data in some kind of data store and only pass a session ID to the client. The client sends that session ID in every request, and the server authenticates the user by reading from the data store using the session ID.

With JWT, you don't need to reach out to the data store: you can store the user data in the JWT token itself.

Due to the hard-to-revoke nature of JWTs, it is usually advised not to use them in user-facing applications where users can log out at will. Also, there's no agreed-upon way in the community to handle revocations "the right way". It really depends on your use case.

Thus, JWTs are said to be very apt for non-user-facing applications. Why? As we learned, revocation is not immediate. Revoking a JWT is implementation dependent and, if handled poorly, can pose security vulnerabilities.