[dmix]

JWT is fine when implemented properly for the types of use cases it was intended for. Which in 2019 is the vast majority of libraries available.

[prophesi]

And, to be clear, using them for sessions is not one of those intended use cases, as joepie91 is arguing in that article. Using an actual server-side solution is easier and safer.

For posterity, here's the second part to his crusade: http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-fo...