DEV Community

Discussion on: Is web security broken?

Jonathan Boudreau

The internet, including DEV, is full of articles on security, JWT, cookies-good, cookies-bad etc.

I think the issue might be due to web technologies moving so fast, yet security doesn't. The expectation is that there must be new technologies that you have to learn, because "that's just how the industry works". The reality is security doesn't move nearly as fast (take GCM, for example), because it needs a long time to be validated, as well as for the implementations to be audited.

Some services (e.g. Azure Active Directory) seem to handle it all for you - but do they really? And when can you actually use this approach?

It doesn't; you still need to handle your session securely.