Loading...

{{notif_text}}

Find jobs
Hire talent
Why join channels?
Learn from peers
Discuss and share learning resources with the top professionals across the world
Open business or job opportunities
Earn reputation points to get consulting projects, attract talent or land jobs.
Accelerate your growth
Grow your network and get exclusive deals from our learning partners.
signup now
Anubhav Gupta asked a question
{{::getFormatedLocalTime("2017-10-25T08:58:08.410Z", {without_time: true})}}

Is using JSON Web Token based authentication on the web safe?

We've been using cookie based authentication on web using PassportJS. But recently started using JSON Web Token based authentication for android app. Is it safe / does it make sense, to move the web authentication method to token based authentication instead of continuing cookie / session based auth? (Just to keep the auth method consistent across platforms)

answer
submitting answer...
submit
cancel
No answers yet. Be the first one to answer!
6 answers
Rupesh Pawar Full stack developer
{{::getFormatedLocalTime("2017-10-26T07:20:28.256Z", {without_time: true})}}
Generaly it's safe but it depends how we implement it. 

Advantages of JWT. 

  • Easier to (horizontally) scale
  • Easier to use
  • More flexible
  • More secure
  • Built-in expiration functionality
  • No need to ask users for 'cookie consent'
  • Prevents CSRF
  • Works better on mobile
  • Works for users that block cookies

The criticisms of JWT seem to fall into two categories:
  • Criticizing vulnerabilities in particular JWT libraries, as in this article.
  • Generally criticizing the practice of using any "stateless" client tokens. Because there's no great way to revoke them early while remaining stateless, etc.
Mostly people face issue with JWT beacuse of either mis-implementation or misuse of JWT.
Comment
Load more comments
Loading comments...
Yash Pandey Intrested in New Web Technologies
{{::getFormatedLocalTime("2017-10-26T06:53:04.144Z", {without_time: true})}}
Yes, its totally safe and really a great idea. Using JWT , you can  create true REST API which will be consitent and can used across all platform . 
Read this article - https://float-middle.com/json-web-tokens-jwt-vs-sessions/

Also, there will be less overhead on your servers since no maintaining the sessions.

One point I liked in this article from an infrastructure point of view is problem with generating session while horizontal scaling the application. With JWT, you dont have to worry about it.
Comment
Load more comments
Loading comments...
To view all answers to this question, join this channel
join this channel
Learn how Cutshort Channels work
Other questions
Siddhant askedon {{::getFormatedLocalTime("2020-03-17T15:13:13.549Z", {without_time: true})}}
What is the best resource to hire professionals in India?
I want to hire top quality professionals in India.
0
1
Paplu askedon {{::getFormatedLocalTime("2020-03-17T14:47:59.968Z", {without_time: true})}}
Which startups are hiring in Bangalore?
Unable to find the latest source for this, please help!
0
1
Karan askedon {{::getFormatedLocalTime("2020-03-17T14:37:35.630Z", {without_time: true})}}
What are the most used job portals for startup hiring in India?
Where can i hire startup oriented people?
0
1
Chandan askedon {{::getFormatedLocalTime("2018-10-28T17:19:31.976Z", {without_time: true})}}
Best online source to learn to react js ???
  give  me Idea and   suggestion where I learn to react js and you have  pdf then plz forward  me 
0
1
Shivam askedon {{::getFormatedLocalTime("2018-02-16T11:46:23.947Z", {without_time: true})}}
What exactly is the Scope of Django in web development as compared to MEAN Stack? Will Django survive?
Hi, I want to start my career in web development and i have chosen Django to be my primary backend framework since i have always been interested in python. But is it a good choice? is there still any scope and future of Django in Web or should i start learning MEAN stack? 
1
2
Vinay askedon {{::getFormatedLocalTime("2018-02-14T05:32:40.504Z", {without_time: true})}}
Cutshort has gotten all those fancy nifty features (PWA, AI/Assistance), I'm curious to know about the Techstack behind Cutshort ?
It'd be nice if someone can give insights on the tools that have been used .
3
2
Sourav askedon {{::getFormatedLocalTime("2018-02-01T18:31:28.082Z", {without_time: true})}}
What will be Best server side Scripting Language According to IT Market Senario?
I have just finsihed my frontend section with html/css,javascript.what should be my next step towards server side scripting language like node.js or PHP?if any other advice do suggest me for a Fresher(2018).
1
6
Raj askedon {{::getFormatedLocalTime("2018-01-13T08:51:15.355Z", {without_time: true})}}
How to learn web technologies from beginning?
How to learn web technologies from beginning?
0
5
Anubhav askedon {{::getFormatedLocalTime("2017-11-02T13:08:12.278Z", {without_time: true})}}
Why is Perl the most hated language?
Recently I came across this blog on Stackoverflow in which stats say that Perl is the most hated language. Why do devs hate Perl so much?
0
1
Priyank askedon {{::getFormatedLocalTime("2017-10-28T13:07:11.407Z", {without_time: true})}}
How to avoid interpolation curly braces from appearing on screen when angularjs is loading
When AngularJs is loading it shows interpolation curly braces for a fraction of a second on the screen.This is bad for UX. How do i avoid this from happening?
0
7
Rohan askedon {{::getFormatedLocalTime("2017-08-23T12:39:43.728Z", {without_time: true})}}
Choosing between Ruby on Rails or Node.js
For building a typical web application such as Quikr, what stack would you suggest?Ruby on Rails (ROR) was quite popular but it seems in last 2 years,  more people are choosing Node.js over it. Are there more developers available with Node.js skills than ROR? When should one for for ROR vs Node.js?
4
3
Milan askedon {{::getFormatedLocalTime("2017-07-16T12:04:00.796Z", {without_time: true})}}
anyone can tell what technologies should I have to learn to get into web development field?
anyone can tell what technologies should I have to learn to get into web development field?
0
4
Nipun askedon {{::getFormatedLocalTime("2017-04-22T14:28:24.531Z", {without_time: true})}}
What will be your advice to a young team building a web application for scale?
We are building a modern web application for scale (around 10,000 concurrent users). What will be your advice to our young team that is bright, but doesn't have experience doing this in the past.
4
2
Amandeep askedon {{::getFormatedLocalTime("2017-04-21T09:19:59.408Z", {without_time: true})}}
Will the block chain change everything as we know it?
I recently read about how the blockchain is being used for smart contracts. The use cases are a bare scratch on the surface. It can make every segment available today super efficient without using a lot of resources. 
3
3
Nipun askedon {{::getFormatedLocalTime("2017-04-19T06:46:56.600Z", {without_time: true})}}
VR is the next big thing, can VR applications be built without using a game engine?
Most of the VR applications available today are built using a game engine. Are there any other alternatives/frameworks available to build VR for the web. I came across Web VR from Google and was wondering how they built these. 
6
3
Neha askedon {{::getFormatedLocalTime("2017-04-22T14:23:11.234Z", {without_time: true})}}
What search technology you'd recommend for a moderately complex content website?
Algolia? Cloud Search? Elastic Search? Lucene?
1
2
Abhilash askedon {{::getFormatedLocalTime("2017-04-21T08:08:20.862Z", {without_time: true})}}
Augmented Reality has existed in the past, what has changed to get it into the limelight all of a sudden? Is this going to be the next big platform?
This medium has been getting popular in the last couple of years, but is this the next big thing.
3
1
Neha askedon {{::getFormatedLocalTime("2017-04-19T13:07:42.289Z", {without_time: true})}}
Have you considered conversational UI design for your products? Why? Why not?
Bots are taking over most of the interfaces, they are prominent across the web. Do yoou think they can replace websites after a point. 
3
1
Nipun askedon {{::getFormatedLocalTime("2017-04-05T13:46:34.862Z", {without_time: true})}}
How can you explain JavaScript closure to a beginner?
To a newbie Javascript programmer coming from more traditional programming languages such as C/C++, the idea of closure seems difficult to understand. How would you explain this concept as simply as possible?
0
1
Neelesh askedon {{::getFormatedLocalTime("2017-04-05T10:30:41.946Z", {without_time: true})}}
How does Angular 2 with NativeScript compare with React Native for building mobile apps?
I have heard good things about React Native. It seems to work fast and well for making cross platform apps. Recently I heard some people using Angular (>2) with NativeScript for this same.Have you used both? How would you compare them?
1
0
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
Okay
Privacy policy
File upload not supportedAudio recording not supported
This browser does not support file upload. Please follow the instructions to upload your resume.This browser does not support audio recording. Please follow the instructions to record audio.
  1. Click on the 3 dots
  2. Click on "Copy link"
  3. Open Google Chrome (or any other browser) and enter the copied link in the URL bar
Done