[prophesi]

And, to be clear, using them for sessions is not one of those intended use cases, as joepie91 is arguing in that article. Using an actual server-side solution is easier and safer.

For posterity, here's the second part to his crusade: http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-fo...