this is for holding javascript data
Alec Aivazis edited JWTs_are_a_good_storage__1.html
over 8 years ago
Commit id: 05f150383604a8a85bf6ce65675bb2ca53d75c69
deletions | additions
diff --git a/JWTs_are_a_good_storage__1.html b/JWTs_are_a_good_storage__1.html
index 6eb3f37..c50515b 100644
--- a/JWTs_are_a_good_storage__1.html
+++ b/JWTs_are_a_good_storage__1.html
...
JWTs
JWTs are a good storage candidate because they allow for the client to be responsible for keeping track of the permissions of the currently logged in user. This removes the need for a session store in most cases which dramatically increases scalability and there are no more potential problem of synchronizing the store among processes with separate memory. However JWTs require a secret key to be decrypted which means it can't happen on the frontend with the same key that the server uses, say for its
csrf protection. A malicious visiter would be able to download the source code compiled on a few different views and look for similar strings. One of them would be the secret key so its easily brute-forcible.