Hi everyone, I'm reading jwt vs cookie authentication(both never done or use before). I understand jwt is sent in every request and contains all the user info, so there's no need for a session. But, why does cookie need a session? It seems to work extremely like jwt, as it is also include in the request header every time.Is it that jwt stored everything and pass it around, cookie stored key information and session stored the rest on server?
Submitted May 09, 2017 at 03:19AM by FateRiddle
No comments:
Post a Comment