Hacker News
by tszming 3664 days ago
While several points in the article are arguable, I agree with not using "JWT for managing user sessions in their web applications". If you need to add extra / custom / unproven mechanisms to invalidate JWT tokens, this defeats the purpose of the simplicity of using Stateless JWT - people are using sticky sessions or session servers to solve the scalability problem of user sessions in web apps pretty well, and most frameworks bundled battle-tested libraries to do so a long time ago.
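
The trade-off discussed in the comment above, as an added example that is not part of the comment or the linked article: a signed token stays valid after logout until `exp`, revoking it requires a per-request lookup in a server-side denylist, and at that point the design carries the same state as a plain session store. The key, the function names and the `jti`-keyed denylist are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json, secrets

KEY = b"constructed-demo-key"  # constructed secret, for this example only

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_jwt(user: str, jti: str, exp: int) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "jti": jti, "exp": exp}).encode())
    sig = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def verify_jwt(token: str, now: int, denylist=None):
    """Return the claims if valid, else None. Stateless unless a denylist is passed."""
    try:
        header, body, sig = token.split(".")
        good = hmac.new(KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _unb64(sig)):
            return None
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # accept only the algorithm this server issues
        claims = json.loads(_unb64(body))
        if claims.get("exp", 0) <= now:
            return None
        if denylist is not None and claims.get("jti") in denylist:
            return None  # revocation: server-side state consulted on every request
        return claims
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token

class SessionStore:
    """Classic server-side session: opaque random ID mapped to stored data."""
    def __init__(self):
        self._sessions = {}

    def login(self, user: str) -> str:
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"sub": user}
        return sid

    def lookup(self, sid: str):
        return self._sessions.get(sid)

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)  # invalidation is a single delete
```
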