by eximius
2719 days ago
And you don't understand the purpose of JWTs. No one needed to mention anything about stateless authentication because enabling stateless authentication is the purpose of JWTs [1].

Yes, just store a signed cookie with a random token for the session and use stateful authentication. That fits most people's needs better than stateless. (Even signing is more or less optional in many common cases. If the cookie is only a sufficiently long random token for the session key, then I don't really care if a user changes it, they'll only log themselves out.)

[1] - https://jobs.zalando.com/tech/blog/the-purpose-of-jwt-statel...
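
The stateful approach described in the comment above, as an added example that is not part of the original comment: an opaque random token in the cookie, checked against a server-side table, so an altered cookie simply fails the lookup and revocation takes effect immediately. `SessionStore`, `SESSION_TTL`, `demo` and the in-memory dict are assumptions made for illustration.

```python
import secrets
import time

SESSION_TTL = 3600  # seconds; constructed value for this example


class SessionStore:
    """Server-side (stateful) session table keyed by an opaque random token."""

    def __init__(self):
        self._sessions = {}  # token -> (user_id, expires_at)

    def create(self, user_id, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = (user_id, now + SESSION_TTL)
        return token  # this value is what goes in the cookie

    def lookup(self, cookie_value, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(cookie_value)
        if entry is None:
            return None  # unknown or altered token: treated as logged out
        user_id, expires_at = entry
        if now >= expires_at:
            del self._sessions[cookie_value]  # expired: drop server-side state
            return None
        return user_id

    def revoke(self, cookie_value):
        # Logout or forced invalidation: no waiting for a token to expire.
        self._sessions.pop(cookie_value, None)


def demo():
    """Run the cases from the comment on constructed sample sessions."""
    store = SessionStore()
    alice = store.create("alice", now=1000.0)
    bob = store.create("bob", now=1000.0)
    store.revoke(bob)
    return {
        "token_length": len(alice),
        "valid": store.lookup(alice, now=1001.0),
        "altered": store.lookup(alice + "0", now=1001.0),  # user-edited cookie
        "revoked": store.lookup(bob, now=1001.0),
        "expired": store.lookup(alice, now=1000.0 + SESSION_TTL),
    }


if __name__ == "__main__":
    print(demo())
```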