Cookie & Session vs JWT

*복습 자료라서 뻔한 내용은 생략

 

 

Summary.

 

1. In web applications, you try to decide when to use either JSON Web Tokens (JWTs) or sessions (cookies) for authentication. When you browse the web you use HTTP, which is a stateless protocol. So, the only way to remember the states of your application is using either sessions or tokens

 

 

 

 

Additional.

1. JWT 같은 credential은 cookie에 저장해둬야 안전

 

2. (다음에) JWT 구조 및 사용법 공부 (client id나 권한 같은 내용을 payload에 담는게 일반적인지? payload에 담는 데이터는 자유롭게 정해도 되는 것인지?)

 

3. (다음에) JWT 사용하면 안되는 이유 공부해보기

    + https://redis.com/blog/json-web-tokens-jwt-are-dangerous-for-user-sessions/ 

 

 

Reference.

• https://redis.com/blog/json-web-tokens-jwt-are-dangerous-for-user-sessions/
• https://tecoble.techcourse.co.kr/post/2021-05-22-cookie-session-jwt/
• https://www.loginradius.com/blog/engineering/guest-post/jwt-vs-sessions/