|
|
|
|
|
|
by holtalanm
1809 days ago
|
|
|
> 1. Massively increases server strain and bandwidth usage A short-lived JWT that fits into an HTTP Header is not going to _massively_ increase your bandwidth usage. At most, you will end up with a single refresh request every few minutes as each short-lived JWT expires. > 2. Has problems with users less reliable connections (they'll be randomly logged out all the time) Usually if your request failed due to a bad connection, the client wouldn't be designed to automatically log out the user. That would be just terrible UX. > 3. Makes "Remember Me" style features impossible (unless you use a server-side store for that, which brings us back to it not being stateless) Incorrect. A short-lived JWT tied to a refresh token allows for a remember-me style feature by checking account access when issuing a new JWT token. |
|
|