by jakelazaroff 3032 days ago
Don't use JWT or local storage for storing sessions. It's pointless/potentially less secure. Just use sessions and cookies.

Here are some good blog posts that explain this better than I can (the flow chart in 3 is particularly illuminating):

[1] https://paragonie.com/blog/2017/03/jwt-json-web-tokens-is-ba...

[2] http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-fo...

[3] http://cryto.net/%7Ejoepie91/blog/2016/06/19/stop-using-jwt-...