Hacker News new | past | comments | ask | show | jobs | submit login

JWT is just storing more info than you would with a cookie but pretending it's secure by encrypting it with an algorithm the browser has access to.



JWT are not encrypted, they include an HMAC signature to prove that the token claims (which are a Base64 encoded JSON object) have not been modified.





Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: