What is the advantage of using JWTs over sessions in situations like authentication?
Is it used as a standalone approach or is it used in the session?
My two cents, which along the way add some contrast to joepie91's famous blog post.
Considering that today's (and tomorrow's) applications are (mostly) cloud native,
there's an economic benefit to Stateless JWT Authentication,
which scales as the application scales:
Cloud applications incur cost along with every breath one draws.
This cost is reduced when users no longer have to authenticate "against" a session store.
Processing
Running a session store 24/7 costs money.
You cannot get away with memory-based solutions in the world of K8S, as pods are ephemeral.
Sticky sessions will not fare well for the exact same reason.
Storage
Storing data costs money. Storing data on an SSD costs even more.
Session-related operations need to be resolved quickly, so an optical drive is not an option.
I/O
Some cloud providers charge money for disk-related I/O.
Bandwidth
Some cloud providers charge for network activity between server instances.
This applies since it is almost certain that the API and session store are separate instances.
Clustering the session store
The cost escalates all aforementioned costs even further.
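
The contrast this answer draws, as an added example that is not part of the original post: a session check costs one store round trip per request, while an HS256 JWT is verified with local CPU work only. The key, the `SessionStore` stand-in and all sample values are constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed sample key (assumption)

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(sub: str, now: int, ttl: int = 300) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": sub, "exp": now + ttl}).encode())
    return f"{header}.{body}.{_b64(_sign(header + '.' + body))}"

def verify_token(token: str, now: int):
    """Return the claims or None. CPU only: no network, disk or store access."""
    try:
        header, body, sig = token.split(".")
        if json.loads(_unb64(header)).get("alg") != "HS256":
            return None  # pin the algorithm; never trust the header's choice
        if not hmac.compare_digest(_sign(header + "." + body), _unb64(sig)):
            return None  # signature mismatch: token was altered or forged
        claims = json.loads(_unb64(body))
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None  # malformed token

class SessionStore:
    """Hypothetical stand-in for an external session store; counts round trips."""
    def __init__(self):
        self.rows, self.round_trips = {}, 0
    def get(self, sid: str):
        self.round_trips += 1  # each call is billable I/O in the answer's terms
        return self.rows.get(sid)

def serve(requests: int, now: int = 1_700_000_000):
    """Authenticate the same user `requests` times with both approaches."""
    store = SessionStore()
    store.rows["sid-1"] = "alice"
    token = issue_token("alice", now)
    by_session = sum(store.get("sid-1") == "alice" for _ in range(requests))
    by_jwt = sum(verify_token(token, now) is not None for _ in range(requests))
    return by_session, by_jwt, store.round_trips

if __name__ == "__main__":
    print(serve(1000))  # (authenticated via session, via JWT, store round trips)
```

The stateless path stays free of store traffic only as long as tokens are accepted until `exp`; revoking one earlier requires a server-side lookup again.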