Ask HN: Cookies vs. JWT vs. OAuth
136 by amend | 43 comments on Hacker News.
I’m using passport.js with a local strategy for authentication, and I’m using sessions/cookies for keeping state and keeping the user logged in. I’m not very knowledgeable in security (that’s why I’m asking here), but will using JWT (with the token stored in the cookie) to keep the user logged in instead of sessions/cookies make my application more secure when the passport middleware executes req.isAuthenticated? I think somewhere in that call it checks cookies or JWT, depending on implementation. Also, I do not plan on opening the API to other sites, so OAuth is unnecessary. Is my understanding correct?