Anubhav Gupta asked a question
2017-10-25

Is using JSON Web Token based authentication on the web safe?

We've been using cookie-based authentication on the web using PassportJS, but recently started using JSON Web Token based authentication for our Android app. Is it safe / does it make sense to move the web authentication method to token-based authentication instead of continuing with cookie / session based auth? (Just to keep the auth method consistent across platforms)

6 answers
Rupesh Pawar Full stack developer
2017-10-26
Generally it's safe, but it depends on how we implement it.

Advantages of JWT. 

  • Easier to (horizontally) scale
  • Easier to use
  • More flexible
  • More secure
  • Built-in expiration functionality
  • No need to ask users for 'cookie consent'
  • Prevents CSRF
  • Works better on mobile
  • Works for users that block cookies

The criticisms of JWT seem to fall into two categories:
  • Criticizing vulnerabilities in particular JWT libraries, as in this article.
  • Generally criticizing the practice of using any "stateless" client tokens. Because there's no great way to revoke them early while remaining stateless, etc.
Mostly people face issues with JWT because of either mis-implementation or misuse of JWT.
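The implementation points raised in the answer above (library pitfalls, built-in expiration, no early revocation while stateless), shown as an added example that is not part of the original answers. It uses only Node's built-in `crypto`; the secret, claims, `sign`/`verify` helper names and the `revoked` set are assumptions made for illustration.

```javascript
// Added example: minimal HS256 JWT verification with Node's built-in crypto.
const crypto = require("crypto");

const b64url = (buf) => Buffer.from(buf).toString("base64url");
const mac = (data, secret) => crypto.createHmac("sha256", secret).update(data).digest();

// Helper used only to construct the sample tokens below.
function sign(payload, secret, header = { alg: "HS256", typ: "JWT" }) {
  const data = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(payload))}`;
  return `${data}.${b64url(mac(data, secret))}`;
}

// Returns { ok: true, payload } or { ok: false, reason }.
function verify(token, secret, { now = Math.floor(Date.now() / 1000), revoked = new Set() } = {}) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return { ok: false, reason: "malformed" };
  let header, payload;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
    payload = JSON.parse(Buffer.from(parts[1], "base64url").toString("utf8"));
  } catch {
    return { ok: false, reason: "malformed" };
  }
  // Pin the algorithm on the server; never let the token's header choose it.
  if (!header || header.alg !== "HS256") return { ok: false, reason: "bad-alg" };
  const expected = mac(`${parts[0]}.${parts[1]}`, secret);
  const given = Buffer.from(parts[2], "base64url");
  // Constant-time comparison; lengths must match before timingSafeEqual.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad-signature" };
  }
  // Treat a missing exp as invalid so a token cannot live forever.
  if (!payload || typeof payload.exp !== "number" || payload.exp <= now) {
    return { ok: false, reason: "expired" };
  }
  // Early revocation needs server-side state (here: a set of revoked jti values).
  if (revoked.has(payload.jti)) return { ok: false, reason: "revoked" };
  return { ok: true, payload };
}

// Constructed sample values, not taken from the page.
const SECRET = "example-secret-not-for-production";
const NOW = 1700000000;
const good = sign({ sub: "user-1", jti: "t1", exp: NOW + 900 }, SECRET);
const wrongAlg = sign({ sub: "user-1", exp: NOW + 900 }, SECRET, { alg: "none", typ: "JWT" });
```

The `revoked` lookup is the one stateful step: dropping it keeps verification stateless, but then a token stays valid until its `exp` passes.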
Yash Pandey Interested in New Web Technologies
2017-10-26
Yes, it's totally safe and really a great idea. Using JWT, you can create a true REST API which will be consistent and can be used across all platforms.
Read this article - https://float-middle.com/json-web-tokens-jwt-vs-sessions/

Also, there will be less overhead on your servers since there is no maintaining of sessions.

One point I liked in this article from an infrastructure point of view is the problem with generating sessions while horizontally scaling the application. With JWT, you don't have to worry about it.