
re: Token vs Session Authentication


I say that session cookies are more secure than JWTs. You should take a look at an alternative to JWTs, PASETO. And don't forget to read a blog post about what's wrong with JWT. You shouldn't use JWTs for authentication.

Never index by secret values!

Another blog post on why you shouldn't use JWTs for sessions.

A blog post about indexing by secrets and timing attacks in general.
