
Discussion on: Token vs Session Authentication

kHRISl33t

I prefer JSON Web Tokens too, but it's not true that you can't scale well with cookies. You can use connect-redis with express-session, which will make it faster (you can still have multiple replicas of your API). Not to mention cookies are more secure than JWT tokens. If someone puts sensitive information in the payload, you are screwed, because anyone can decode the payload of the JWT token. It's just a base64 value.

In the end, it will depend on what you are building. :)
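
The point about the payload being readable, shown as an added example (not part of the original comment): a minimal HS256 issue/verify pair built on Node's `crypto` module, where the claims are read back without any key. The secret, the claims and the denylist of claim names are constructed or hypothetical values.

```javascript
// Added example: a JWT payload is signed, not encrypted.
const crypto = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, secret) =>
  crypto.createHmac("sha256", secret).update(data).digest();

// Server side: issue an HS256 token.
function signJwt(payload, secret) {
  const header = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify(payload));
  const sig = hmac(`${header}.${body}`, secret).toString("base64url");
  return `${header}.${body}.${sig}`;
}

// Anyone holding the token: read the claims with no key at all.
function readClaimsWithoutKey(token) {
  const body = token.split(".")[1];
  return JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
}

// Server side: HS256-only verification. The signature detects modification;
// it does nothing to hide the payload.
function verifyJwt(token, secret) {
  const parts = token.split(".");
  if (parts.length !== 3) return false;
  const expected = hmac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], "base64url");
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}

// Pre-issue check: list claim names that look sensitive (hypothetical denylist).
const SENSITIVE = /pass(word)?|secret|ssn|card|api[_-]?key/i;
function sensitiveClaims(payload) {
  return Object.keys(payload).filter((k) => SENSITIVE.test(k));
}

// Constructed sample values.
const SECRET = "constructed-demo-secret";
const claims = { sub: "42", role: "user", password: "hunter2" };
const token = signJwt(claims, SECRET);
console.log("readable without key:", readClaimsWithoutKey(token));
console.log("signature valid:", verifyJwt(token, SECRET));
console.log("claims to keep out of the token:", sensitiveClaims(claims));
```

Running `sensitiveClaims` before `signJwt` keeps such fields out of the token; they belong in server-side storage keyed by `sub` or a session ID.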