
re: Please Stop Using Local Storage

re: Hey, this is a great point. But hear me out. Let's say you want to store a JWT in a cookie -- that's fine. BUT: the purpose of JWTs is to be state...
 

you've got to manage a revocation list centrally

This might be true for Google or Amazon, but it is not actually true for the majority of applications out there, I would argue.

You find out a token is compromised? Just regenerate your signing key. Yes, every application user will have to log in again, but that is a perfectly acceptable action for most applications.
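What regenerating the signing key does to outstanding tokens, as an added example that is not part of the original thread: the compromised token and every legitimate one stop verifying at the same moment, with no revocation list consulted. `TokenIssuer` and its methods are hypothetical names, and the HS256 token is built by hand with the standard library rather than a JWT library.

```python
import base64, hashlib, hmac, json, secrets, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class TokenIssuer:
    """Hypothetical stateless HS256 issuer with no per-token revocation list."""

    def __init__(self):
        self._key = secrets.token_bytes(32)

    def rotate_key(self):
        # Replacing the key invalidates every token signed with the old one.
        self._key = secrets.token_bytes(32)

    def _sign(self, signing_input: str) -> str:
        return _b64(hmac.new(self._key, signing_input.encode(), hashlib.sha256).digest())

    def issue(self, subject: str, ttl: int = 3600) -> str:
        header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
        claims = _b64(json.dumps({"sub": subject, "exp": int(time.time()) + ttl}).encode())
        signing_input = f"{header}.{claims}"
        return f"{signing_input}.{self._sign(signing_input)}"

    def verify(self, token: str):
        """Return the claims, or None if the token is malformed, forged or expired."""
        try:
            header, claims, sig = token.split(".")
            if json.loads(_unb64(header)).get("alg") != "HS256":
                return None  # pin the algorithm; never trust the header's choice
            if not hmac.compare_digest(sig, self._sign(f"{header}.{claims}")):
                return None
            payload = json.loads(_unb64(claims))
        except (ValueError, TypeError, AttributeError):
            return None
        return payload if payload.get("exp", 0) > time.time() else None

def demo():
    issuer = TokenIssuer()
    # Constructed sample tokens: one assumed stolen, one belonging to another user.
    stolen, bystander = issuer.issue("alice"), issuer.issue("bob")
    before = (issuer.verify(stolen) is not None, issuer.verify(bystander) is not None)
    issuer.rotate_key()  # the response to the compromise
    after = (issuer.verify(stolen) is not None, issuer.verify(bystander) is not None)
    relogin = issuer.verify(issuer.issue("bob")) is not None  # fresh login works
    return before, after, relogin
```

In a multi-instance deployment the new key has to reach every verifier before the old one is dropped, otherwise some instances keep accepting the compromised token.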
