🔥More exclusive content: [ Ссылка ]
Twitter: [ Ссылка ]
Blog: [ Ссылка ]

In this video we cover whether you should use JSON Web tokens as session tokens. The answer might surprise you.

Mentioned blog posts for further reading
[ Ссылка ]
[ Ссылка ]

00:00 should you use JWTs as session tokens?
00:26 how server-side sessions with a session store work
01:55 how "client-side" sessions with JWTs work
04:03 logging out users from the server side
05:22 knowing who is currently logged in
06:11 session data visibility
06:42 revoking roles and privileges in JWT and session-based systems
08:00 scalability of server-side and client-side sessions
08:58 the need to maintain a session store
09:16 bandwidth consumption
09:38 attacking JWTs vs session-based authentication
11:11 cookies vs local storage
11:54 mitigating CSRF attacks

свернуть