by andretti1977 3031 days ago
JWT is more of a "lingua franca" token since it is not bound to an "HTTP context", but in the end, cookies and JWT tokens or any other kind of authorization tokens are simply a way to identify a user. As I told you before, JWT tokens are more loosely coupled to the HTTP request than cookies, so they may be the best choice, especially if you plan to build stateless APIs. The only strictly important rule is: do not store any sensitive information in client-side data structures, since you can't trust the client side.
1 comments

> do not store any sensitive information in client-side data structures, since you can't trust the client side

Except that the tokens are cryptographically signed, so as long as you verify them, you can trust them.