
Why not to use JWT, in 3 minutes - bhupy
http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/
======
rowanG077
This says why not to use JWT for sessions. JWTs aren't meant for sessions. This
article is not an argument against JWTs. Very misleading title.

~~~
mvid
I’ve only ever heard of JWT recommended in the context of “database free
sessions”

~~~
rowanG077
JWT has nothing to do with sessions. It's a stateless authorization mechanism.
I actually have never seen it used in production as a substitute for sessions.

Can you show examples of production software that uses JWT as a substitute for
sessions?

------
ncmncm
I didn't know what a JWT was, and now I know I don't need to know what one is.

~~~
batoure
I mean, this is fundamentally untrue. JWT is the underlying standard for
OAuth 2.0, so it's something that is worth understanding even if you don't plan
to utilize it.

~~~
ncmncm
I stand corrected. JWTs seem perfect for their purpose.

