There is no perfect answer for security as software comes in so many different forms. Personally I like JWT for API authentication as it is easy to use with both web and mobile applications as generally you wouldn't want to be using cookies for your mobile application.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
It's the same with every element of software development, people have opinions on which is better. Use what is best for your use case
But surely security is a bit more fundamental that "what's the best way to build a component?".
There is no perfect answer for security as software comes in so many different forms. Personally I like JWT for API authentication as it is easy to use with both web and mobile applications as generally you wouldn't want to be using cookies for your mobile application.