DEV Community

Discussion on: How I Fixed JWT Security Flaws in 3 Steps

Renato Byrro Author

Hi, glad the article was helpful!

Two of the main advantages of JWT are:

  1. A signed hash to validate that the token was not modified
  2. A unique user identifier is embedded in the JWT

How do you plan to implement #1 only with a session ID?

Unless your session ID is unique for each user and is permanent across time, you will still need to map each session ID to a real user in your database, defeating #2.