Hacker News
by
jayd16
2315 days ago
Sessions could be stolen too. The rest are essentially trade-offs with the expiration mechanism. If your use case can't handle that, don't use JWT.
1 comments
ascotan
2315 days ago
ergo: if it's ok to have an un-revocable insecure session - use JWT tokens.
user5994461
2315 days ago
Or use JWT + OpenID Connect in a centralized mode, as the article explains toward the end.