Answer the question
In order to leave comments, you need to log in
Does it make sense to use cookies in new projects, or is it enough to replace everything with JWT?
Does it make sense to use cookies in new projects, or is it enough to replace everything with JWT?
Answer the question
In order to leave comments, you need to log in
There's a meaning. But it may be enough to replace it with JWT.
depends on projects.
If your question was really about "are cookies obsolete, and should we stop using them for the sake of token authorization" - no, they are not obsolete.
You are confusing the authorization method with the token storage method.
Cookies can store both the session key and the JWT token. Any of them can be stored in localStorage (but not necessary for security reasons).
What to use is up to you, there are pros and cons here and there.
I think it's best to store the session key in httpOnly cookies, and the sessions themselves in Redis. But there is room for holivar)
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question