by hn_throwaway_99 2190 days ago
> unless you’ve implemented some sort of state store that all of your API services and server share.

Yes, it's called session storage, and it used to be incredibly common. These issues are not "orthogonal", because a primary promise of JWTs was the ability to get rid of that shared session storage and just put that identifying info into the signed token.
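The trade-off argued above, as an added example that is not part of the original comment: a verifier that checks only signature and expiry keeps accepting a token after logout, while rejecting it requires a lookup in state shared by every service. The key, claim values, function names and the in-memory set standing in for the shared store are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed sample secret for this example

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, jti: str, exp: int) -> str:
    """Sign an HS256 JWT that carries the identity inside the token."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "jti": jti, "exp": exp}).encode())
    return f"{header}.{body}.{b64e(sign(header + '.' + body))}"

def verify_stateless(token: str, now: int):
    """Signature and expiry only: no lookup in any shared store."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sign(header + "." + body), b64d(sig)):
            return None
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        claims = json.loads(b64d(body))
        return claims if now < claims.get("exp", 0) else None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token

def verify_with_store(token: str, now: int, revoked_jtis):
    """Same check plus a lookup in state every API service must share.
    revoked_jtis is a set here; in a deployment it would be a shared store."""
    claims = verify_stateless(token, now)
    if claims is None or claims.get("jti") in revoked_jtis:
        return None
    return claims

if __name__ == "__main__":
    token = issue("alice", "t-1", exp=1000)   # constructed sample claims
    revoked = {"t-1"}                         # user logged out at some point
    print("stateless after logout:", verify_stateless(token, 500))
    print("with shared store:     ", verify_with_store(token, 500, revoked))
```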