
JWT is fine when implemented properly for the types of use cases it was intended for. Which in 2019 is the vast majority of libraries available.


And, to be clear, using them for sessions is not one of those intended use cases, as joepie91 is arguing in that article. Using an actual server-side solution is easier and safer.

For posterity, here's the second part to his crusade: http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-fo...



