I am considering replacing my old session-cookie-based authentication with JWT token-based authentication. I read from here that it is suggested to store JWT as cookie.
If so, isn't that a re-implementation of signed cookie?
Asked
Active
Viewed 676 times
0
smwikipedia
- 61,609
- 92
- 309
- 482
1 Answers
1
Yes it is but the advantage is that the format (i.e. JSON), some of the information elements (expiry timestamp, issued-at timestamp, issuer etc.) and the method of protecting it (i.e. signature/encryption method) is standardized so you can use stock libraries to create and read it in a very convenient and error-free way.
Hans Z.
- 50,496
- 12
- 102
- 115