Hacker News
by jakelazaroff 2693 days ago
Are people really running into such terrible scaling issues with their session database that the solution is to ditch it and use an entirely different authentication strategy? It's not like we haven't been scaling databases for decades!

I agree that persisting the JWT means you may as well be using a session, but my takeaway from that is that you should just use a session, not come up with more weird workarounds to justify JWTs.

2 comments

Randall Degges has a blog post on this. It's pretty good actually: https://developer.okta.com/blog/2017/08/17/why-jwts-suck-as-...
I'd say it is always good to have options. If sessions work, that is a safe option and easy to manage state.

If at scale this option doesn't work - or at least not as well as you'd like, additional strategies are good to know.

If you plan for Pokemon Go or Fortnite scale, decoupling may be beneficial. Admittedly this is a small percentage of all of the use cases.