I choose cookies over JWT
Draft Disclaimer: Please note that this article is currently in draft form and may undergo revisions before final publication. The content, including information, opinions, and recommendations, is subject to change and may not represent the final version. We appreciate your understanding and patience as we work to refine and improve the quality of this article. Your feedback is valuable in shaping the final release.
Language Mismatch Disclaimer: Please be aware that the language of this article may not match the language settings of your browser or device.
Do you want to read articles in English instead ?
I choose cookies over JWT
tags: beginners, webdev, tutorial, career
Some common misconception I read is that
JWT is more secure for webapp
or
I have to use JWT to authenticate my SPA
Summary
-
Cookies vs JWT
-
When to use JWT
-
Reminder that you can use still use cookies to authenticate your SPA
-
This means you don't always need JWT
Cookies vs JWT
JWT is not more secured
JWT token can be decrypted. So you should not store in it sensitive data. Cookie is more secure because you can set the domain and make it http only so that Javascript can't mess with it.
When to use JWT
Use JWT for shared or distributed architecture Example: How a single account is used to authenticate all apps (google product)