Stop using JWTs
Summary
The article argues against using JWTs for maintaining user sessions, citing security and practicality concerns, and recommends cookies backed by server-side sessions instead. It explains why stateless authentication with JWTs is problematic (for example, a stateless token cannot be revoked server-side before it expires), discusses short-lived tokens such as PASETO as alternatives for non-session uses, and gives practical guidance on implementing secure cookie-based sessions and on typical pitfalls (e.g. never storing tokens in localStorage, where any injected script can read them).
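The cookie-plus-server-side-session pattern the summary recommends, as an added example that is not code from the article it summarizes. It assumes a hypothetical in-memory session store (`_sessions`), a 1-hour lifetime, and the function names `create_session`, `session_cookie_header`, `lookup_session` and `revoke_session`, all of which are this example's own choices. It uses only the Python standard library so it runs offline; a real deployment would back the store with a database or cache shared across server instances.

```python
import secrets
import time
from http.cookies import CookieError, SimpleCookie

# Assumed session lifetime; the article's own value is not stated here.
SESSION_TTL_SECONDS = 3600

# Hypothetical in-memory store: session_id -> {"user": ..., "expires": ...}.
# Because the state lives on the server, a session can be revoked at any
# time, which a stateless JWT cannot offer without a server-side denylist.
_sessions = {}


def create_session(user_id, now=None):
    """Create a server-side session and return its opaque identifier."""
    now = time.time() if now is None else now
    # 256 bits of CSPRNG output: the id carries no claims and is unguessable,
    # so the only thing the client holds is a reference to server-side state.
    sid = secrets.token_urlsafe(32)
    _sessions[sid] = {"user": user_id, "expires": now + SESSION_TTL_SECONDS}
    return sid


def session_cookie_header(sid):
    """Build the Set-Cookie header that hands the session id to the browser."""
    cookie = SimpleCookie()
    cookie["session"] = sid
    morsel = cookie["session"]
    morsel["httponly"] = True      # not readable by JavaScript, unlike localStorage
    morsel["secure"] = True        # only sent over HTTPS
    morsel["samesite"] = "Lax"     # not attached to most cross-site requests
    morsel["path"] = "/"
    morsel["max-age"] = SESSION_TTL_SECONDS
    return cookie.output(header="Set-Cookie:").strip()


def lookup_session(cookie_header, now=None):
    """Resolve the Cookie request header to a user id, or None if invalid."""
    now = time.time() if now is None else now
    cookie = SimpleCookie()
    try:
        cookie.load(cookie_header)
    except CookieError:
        return None  # malformed header: treat as unauthenticated
    morsel = cookie.get("session")
    if morsel is None:
        return None
    record = _sessions.get(morsel.value)
    if record is None:
        return None  # unknown or already-revoked id
    if record["expires"] <= now:
        # Expired: drop it so the store does not grow without bound.
        _sessions.pop(morsel.value, None)
        return None
    return record["user"]


def revoke_session(sid):
    """Log the session out server-side; the cookie becomes useless immediately."""
    return _sessions.pop(sid, None) is not None


if __name__ == "__main__":
    sid = create_session("alice")
    print(session_cookie_header(sid))
    print(lookup_session("session=" + sid))  # alice
    revoke_session(sid)
    print(lookup_session("session=" + sid))  # None
```

The `revoke_session` call is the part that motivates the server-side design: logging a user out, or cutting off a compromised session, takes effect on the next request rather than at whatever expiry a self-contained token was issued with.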