JWT vs cookies for token-based authentication

予麋鹿 2020-12-12 08:40

I read some posts about "JWT vs Cookie" but they only made me more confused...

  1. I want some clarification, when people ta

5 answers
  •  失恋的感觉
    2020-12-12 09:20

    Ref - Need for JSON Web Token

    Cookies

    In case of cookies, once the user has been authenticated then the Gmail Server will create a unique session Id. Corresponding to this session id it will store in memory all the user information that is needed by the Gmail server for recognizing the user and allowing it to perform operations.
    Also then for all subsequent requests and responses, this session id will also be passed. So now when the server receives a request it will check the session id. Using this session id, it will check if there is any corresponding information. It will then allow the user to access the resource and return back the response along with the session id.

    Drawbacks of Cookies

    • Cookies/session id is not self-contained. It is a reference token. During each validation the Gmail server needs to fetch the information corresponding to it.
    • Not suitable for microservices architecture involving multiple APIs and servers

    JWT

    • JWT is self-contained. It is a value token. So during each validation the Gmail server does not need to fetch the information corresponding to it.
    • It is digitally signed so if anyone modifies it the server will know about it
    • It is most suitable for Microservices Architecture
    • It has other advantages like specifying the expiration time.
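
The reference-token versus value-token distinction in the answer above, as an added example that is not part of the original post. It uses only the Python standard library; the key, the in-memory store and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"   # constructed key, for this example only
SESSIONS = {}                      # server-side store that reference tokens depend on

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def new_session(user):
    """Reference token: a random id; the user data stays on the server."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"sub": user}
    return sid

def check_session(sid):
    return SESSIONS.get(sid)       # a store lookup on every request

def issue_jwt(claims, ttl=300, now=None):
    """Value token: the claims travel inside the token, protected by an HMAC."""
    now = int(time.time()) if now is None else now
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64e(json.dumps({**claims, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64e(sig)}"

def verify_jwt(token, now=None):
    """Return the claims, or None if malformed, tampered with, or expired."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None            # pin the algorithm; do not trust the header's choice
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(sig)):
            return None            # signature mismatch: token was modified
        claims = json.loads(b64d(payload))
        return claims if claims.get("exp", 0) > now else None
    except (ValueError, TypeError, AttributeError):
        return None
```

`verify_jwt` needs only the key, so any service holding it can validate a token without a shared session store. The trade-off is that a signed token stays valid until `exp`, whereas deleting an entry from `SESSIONS` ends a session immediately.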
