All Topics
All Topics
Technology
Technology
AI
AI
Business
Business
Entertainment
Entertainment
News
News
Programming
Programming
Science
Science
Design
Design
Environment
Environment
Finance
Finance
Crypto
Crypto
Politics
Politics
Sports
Sports
Education
Education
Gaming
Gaming
Art
Art
Music
Music
Health
Health
Security
Security
Books
Books
Food
Food
Travel
Travel
Personal
Personal
Bluesky
Twitter

Why JWTs Should Not Be Used for User Session Management

By

262588213843476

21d ago· 3 min readenCode

Summary

The article argues against using JSON Web Tokens (JWTs) for user authentication/session management. It claims JWTs are not designed for keeping users logged in, are insecure for that purpose, and recommends using regular cookie sessions instead. The author references a presentation for deeper context and notes that other security topics like CSRF protection should be learned separately.

Source

Hacker NewsWhy JWTs Should Not Be Used for User Session Managementgist.github.com

Key quotes

· 3 pulled
JWTs should not be used for keeping your user logged in.
They are not designed for this purpose, they are not secure, and there is a much better tool which is designed for it: regular cookie sessions.
Note that other topics are largely skimmed over, such as CSRF protection. You should learn about other topics from other sources.
Snippet from the RSS feed
Stop using JWTs. GitHub Gist: instantly share code, notes, and snippets.

You might also wanna read

Comments

Sign in to join the conversation.

No comments yet. Be the first.