JSON Web tokens vs sessions for authentication | should you use JWTs as session tokens?


In this video we cover whether you should use JSON Web tokens as session tokens. The answer might surprise you.

Mentioned blog posts for further reading

00:00 should you use JWTs as session tokens?
00:26 how server-side sessions with a session store work
01:55 how "client-side" sessions with JWTs work
04:03 logging out users from the server side
05:22 knowing who is currently logged in
06:11 session data visibility
06:42 revoking roles and privileges in JWT and session-based systems
08:00 scalability of server-side and client-side sessions
08:58 the need to maintain a session store
09:16 bandwidth consumption
09:38 attacking JWTs vs session-based authentication
11:11 cookies vs local storage
11:54 mitigating CSRF attacks
Comments

Let me know what you think about this video.
Feel free to also post any video ideas in the comments below

jgoebel

Lucid and cogent talk. I learned quite a bit. Thanks for taking the time to put this together.

jmrah

Also thanks so much for this video. I learned a lot. I feel like the comparison has been so confusing and unclear. I now understand either way we're storing sessions, it's just whether you store them server side in a session store like redis OR client side via a JWT on the browser. That really clarifies the argument for me. In addition, all the other info in this video and your other videos are excellent explanations! Thank you.

paulwong

Nice presentation - I had come to the same conclusion but you cover it and explain it really well!

paulgreen

I didn't even think about these scenarios (drawbacks) of JWT. Thanks for sharing 🙂

furqananwar

This is really really good. Your well articulated points backed by nicely done illustrations helped me better understand the concepts

austinmusiku

This video made me change my mind about JWT. Great content here

karlopest

Super duper helpful! Thank you for the great explanation. It is really thoughtful, easy to understand and clean. 👌

thekeykan

I was always considering switching from my battle-tested (APCu/Redis) session-based solution to JWT. You successfully dissuaded me. Thank you for opening my eyes.

HaraldEngels

Super helpful and clear! Thank you for this great video.

hagridhaired

You are producing amazing content. Thank you a lot!

sergiim

Thank you for this wonderful video with so much information, yet so simple to understand!

abhishekbehera

Hey man, this was really helpful and insightful, I like how you put together the table and summarised the topic there. Thanks for creating this content.

davidkuda

This was helpful, thanks! More informative content like that please

dataluchs

Thank you for processing so much information for this video

bernardodomeneghetti

Case #6: Need to maintain session store - I'd say it's also "Yes" for JWT since you need to maintain a token blacklist. So it's yes for both, and you're better off maintaining a whitelist (sessions) than a blacklist (JWT).

moolipit

Damn 😂 this changed my mind on JWT by a lot... I already knew they had issues... but after watching this and reading the blog posts... I can't think of any good reason to use them, except for maybe verifying emails for created accounts on your website 😂...

Cognitoman

JWT for microservices, sessions for monolith (load balance too)

urevvlc

I like this video. It makes me trust my policy more. "Modern practices may sometimes not be the best choice until field tested over many years". Let me know if I am thinking wrong

dfrontierit

Damn, you convinced me sessions are better than JWTs... hats off, brilliant explanation bro

rajarshibarman