Ask HN: Cookies vs. JWT vs. OAuth
260 points by amend on March 4, 2018 | 93 comments
I’m using passport.js with a local strategy for authentication, and I’m using sessions/cookies for keeping state and keeping the user logged in.
I’m not very knowledgeable in security (that’s why I’m asking here), but will using JWT (with the token stored in the cookie) to keep the user logged in instead of sessions/cookies make my application more secure when the passport middleware executes req.isAuthenticated? I thiiink somewhere in that call it checks cookies or JWT, depending on implementation.
Also, I do not plan on opening the API to other sites, so OAuth is unnecessary. Is my understanding correct?