Skip to content
loading...

re: Token vs Session Authentication VIEW POST

FULL DISCUSSION
 

I'm a bit confused about "The user state is not stored on the server with this approach instead it is stored in the token."

and in the next paragraph there is "Generally, the JSON Web Token scales much better with the size of the application because it is stateless,"

Can you explain, please?

 

When the state is stored on the server like it is with the session approached, the bigger the app is, the more resources will be needed to the server (for example Reddit size) for every user that logs, the server will need to store the user state in the memory. The JWT is stored in the client browser and the server is just doing verification to check if the token is signed, that's why it can scale great with the size of the app.

code of conduct - report abuse