Why not to use JWT, in 3 minutes (cryto.net)
14 points by bhupy on Nov 25, 2019 | 6 comments



This says why not to use JWT for sessions. JWTs aren't meant for sessions. This article is not an argument against JWTs. Very misleading title.


I’ve only ever heard of JWT recommended in the context of “database free sessions”


JWT has nothing to do with sessions. It's a stateless authorization mechanism. I actually have never seen it used in production as a substitute for sessions.

Can you show examples of production software that uses JWT as a substitute for sessions?


I didn't know what a JWT was, and now I know I don't need to know what one is.


I mean, this is fundamentally untrue. JWT is the underlying standard for OAuth 2.0, so it's something that is worth understanding even if you don't plan to utilize it.


I stand corrected. JWTs seem perfect for their purpose.



