问题
I am considering replacing my old session-cookie-based authentication with JWT token-based authentication. I read from here that it is suggested to store JWT as cookie.
If so, isn't that a re-implementation of signed cookie?
回答1:
Yes it is but the advantage is that the format (i.e. JSON), some of the information elements (expiry timestamp, issued-at timestamp, issuer etc.) and the method of protecting it (i.e. signature/encryption method) is standardized so you can use stock libraries to create and read it in a very convenient and error-free way.
来源:https://stackoverflow.com/questions/34635541/shall-we-store-jwt-as-a-cookie