Node js, JWT token and logic behind

Question

I\'m using the JWT to protect node js urls https://github.com/auth0/express-jwt

To create a JWT token user session i simply do:

-> auth/signup
            


        

Answer 1

1. You need to store the token on the client side (local storage or cookie)

2. Yes. HTTP is stateless. If you don't verify it every time, someone could call your URL without the token or with an invalid token. If you are worried about performance, an HMACSHA256 check is very fast.

3. That doesn't make sense, you must be doing something wrong.