0

I currently have a nodejs app which also serves the frontend files (server side rendering). Authentication is done through passportjs using session based authentication. We're currently switching to React as the frontend and having the nodejs application just as an API. However I'm wondering why session based authentication is never used with React. I've been looking up some tutorials and all I see is JWT used as authentication.

Since we already have session based auth setup for the nodejs app, is it necessary to switch to JWT? As far as I know JWT helps in better scaling your backend, however we're going to use a mysql/redis storage for the sessions anyways so I don't really see an issue in here.

I'm looking forward for suggestions/answers, thanks in advance.

sharpness
  • 125
  • 2
  • 9
  • 1
    There is no reason to use one or the other. If you have a session-based API not sure why you'd change it - in either case you're just storing a cookie (or equivalent) client-side and passing that with API requests. – Joe Oct 31 '21 at 14:48
  • Does this answer your question? [Authentication: JWT usage vs session](https://stackoverflow.com/questions/43452896/authentication-jwt-usage-vs-session) – bvdb Nov 01 '21 at 00:23
  • I think it's just that React is a fairly new technology, and by contrast using cookies is the old-school way. There are a number of advantages to using JWT Tokens. But those have been mentioned in topics such as : https://stackoverflow.com/questions/43452896/authentication-jwt-usage-vs-session – bvdb Nov 01 '21 at 00:25

0 Answers0