by hawkweed 3480 days ago
"most applications should store it in a cookie"

Why do you think that most applications should store the JWT token in the cookie? Both approaches have their pros/cons.

1 comments

Cookies have several security features built in and if all you're storing is a session identifier they are generally better than a JWT from a size perspective.

This does a better job than I'm going to try for in an HN comment: http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-fo...