I say that session cookies are more secure than JWTs. You should take a look at an alternative to JWTs, PASETO. And don't forget to read a blog post about what's wrong with JWT. You shouldn't use JWTs for authentication.
Never index by secret values!
Another blog post on why you shouldn't use JWTs for sessions.
A blog post about indexing by secrets and timing attacks in general.
Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment's permalink.
Hide child comments as well
Confirm
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I say that session cookies are more secure than JWTs. You should take a look at an alternative to JWTs, PASETO. And don't forget to read a blog post about what's wrong with JWT. You shouldn't use JWTs for authentication.
Never index by secret values!
Another blog post on why you shouldn't use JWTs for sessions.
A blog post about indexing by secrets and timing attacks in general.