DEV Community

Discussion on: Using JWT Token/Cookie based session authentication — Potential Identity Theft & Data Exploitation

Ruslan Gonzalez

Why would someone send the auth token to 3rd party servers? Makes no sense.

Adi Mor Barak Author

You send your session id or token; if it's a JWT token it can be decrypted anyway... the only information you usually store is your user id, client id, user role - this info means nothing, but you get an extra security layer that helps you mitigate this vulnerability.