this is for holding javascript data
Alec Aivazis added JWTs_are_a_good_storage__1.html
over 8 years ago
Commit id: 403d71683c2c7b11898c230b6a47ce05c5c40e74
deletions | additions
diff --git a/JWTs_are_a_good_storage__1.html b/JWTs_are_a_good_storage__1.html
new file mode 100644
index 0000000..6eb3f37
--- /dev/null
+++ b/JWTs_are_a_good_storage__1.html
...
JWTs are a good storage candidate because they allow for the client to be responsible for keeping track of the permissions of the currently logged in user. This removes the need for a session store in most cases which dramatically increases scalability and there are no more potential problem of synchronizing the store among processes with separate memory. However JWTs require a secret key to be decrypted which means it can't happen on the frontend with the same key that the server uses, say for its
csrf protection. A malicious visiter would be able to download the source code compiled on a few different views and look for similar strings. One of them would be the secret key so its easily brute-forcible.