this is for holding javascript data
Alec Aivazis edited JWTs_are_good_because_they__.html
over 8 years ago
Commit id: 32de5ec6574b34f84c25fd53454aee78c6acd771
deletions | additions
diff --git a/JWTs_are_good_because_they__.html b/JWTs_are_good_because_they__.html
index 801e655..6eb3f37 100644
--- a/JWTs_are_good_because_they__.html
+++ b/JWTs_are_good_because_they__.html
...
JWTs are
a good
storage candidate because they allow for the client to be responsible for keeping track of the permissions of the currently logged in user. This removes the need for a session store in most cases which dramatically increases scalability and there are no more potential problem of synchronizing the store among processes with separate memory. However JWTs require a secret key to be decrypted which means it can't happen on the frontend with the same key that the server uses, say for its
csrf protection. A malicious visiter would be able to download the source code compiled on a few different views and look for similar strings. One of them would be the secret key so its easily brute-forcible.