Why I don't use JWT for sessions

As the maintainer of PostGraphile, which has built-in support for JWT, I often get asked why I don't use JWT in my own applications. Hopefully this helps.
"Stop using JWT for sessions" - joepie91
joepie91's Ramblings
"Stop using JWT for sessions, part 2: Why your solution doesn't work" - joepie91
joepie91's Ramblings
Thomas Ptacek (respected web security expert) on why not to use JWTs
I don't care if you want to use stateless client tokens. They're fine. You shoul... | Hacker News
"No Way, JOSE! Javascript Object Signing and Encryption is a Bad Standard That Everyone Should Avoid" - Scott Arciszewski
Paragon Initiative Enterprises Blog
Critical vulnerabilities in JSON Web Token libraries -- Auth0