I am new to MERN stack and have been experiencing difficulty understanding tokens vs session and landing on a decision to choose one or both (if that makes sense).
I came across this but still have some questions: Token Authentication vs. Cookies
In a MERN stack, given that NodeJs behaves as an API backend, will it store user sessions? Is that done by the React part?
I have JWT in place and I have noticed that due to its stateless nature, there is no "true logout" functionality. Tokens will be active until they expire. Using a store such as memcached or a TTL cache to store just the blacklisted tokens until their TTL seems to be a good idea; I wanted to have some opinions on this matter. Having such a store is against the stateless mantra of JWT, but I am not sure how else I will invalidate tokens before their timeout.
I came across https://www.npmjs.com/package/express-session, where sessions could be maintained via cookies, but should this be used when JWT is already in place?
How can I use JWT to maintain sessions or should I even do this? Any suggestions on this matter?
I would like to understand the design decisions behind what goes into making auth in a MERN stack.
Thanks in advance for your time and answers. I apologize if the questions seem redundant, but I would like to lay some groundwork with these questions.
Thank you!