I choose cookies over JWT


tags: beginners, webdev, tutorial, career

Some common misconceptions I read are that

JWT is more secure for webapp

or

I have to use JWT to authenticate my SPA

Summary

  • Cookies vs JWT

  • When to use JWT

  • Reminder that you can still use cookies to authenticate your SPA

  • This means you don't always need JWT

Cookies vs JWT

JWT is not more secure

A JWT can be decoded by anyone who holds it: a signed JWT is only base64url-encoded, not encrypted. So you should not store sensitive data in it. A cookie is more secure because you can restrict it to a domain and mark it HttpOnly so that JavaScript can't access it.
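
The point above as an added example (not code from the original article): an HS256 JWT whose claims are read back without the key, next to a Set-Cookie header for an opaque session id. The key, claims, cookie name and domain are constructed sample values, and the Secure and SameSite attributes are assumptions added as extra hardening.

```python
import base64, hashlib, hmac, json
from http.cookies import SimpleCookie

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(seg: str) -> bytes:
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _mac(signing_input: str, key: bytes) -> bytes:
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def sign_jwt(claims: dict, key: bytes) -> str:
    """Build an HS256 JWT in compact form: header.payload.signature."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    signature = b64url(_mac(f"{header}.{payload}", key))
    return f"{header}.{payload}.{signature}"

def read_claims_without_key(token: str) -> dict:
    """Anyone holding the token can do this: the payload is only encoded."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify_jwt(token: str, key: bytes) -> bool:
    """The signature protects integrity, not confidentiality."""
    header, payload, sig = token.split(".")
    return hmac.compare_digest(_mac(f"{header}.{payload}", key), b64url_decode(sig))

def session_cookie_header(session_id: str, domain: str) -> str:
    """Set-Cookie value for an opaque session id: no user data travels in it."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["domain"] = domain      # domain scope, as in the article
    cookie["session"]["httponly"] = True      # hidden from document.cookie
    cookie["session"]["secure"] = True        # assumption: HTTPS-only site
    cookie["session"]["samesite"] = "Lax"     # assumption: added CSRF hardening
    return cookie["session"].OutputString()

if __name__ == "__main__":
    key = b"constructed-demo-key"             # constructed sample values
    token = sign_jwt({"sub": "alice", "email": "alice@example.com"}, key)
    print(read_claims_without_key(token))     # readable with no key at all
    print(verify_jwt(token, key))
    print(session_cookie_header("r4nd0m-opaque-id", "app.example.com"))
```

The signature only stops a client from changing the claims; it does nothing to hide them, which is why the session cookie here carries an opaque id and keeps the user data on the server.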

When to use JWT

Use JWT for a shared or distributed architecture. Example: how a single account is used to authenticate all apps (Google products).