Alec Aivazis edited JWTs_are_good_because_they__.html
over 8 years ago
Commit id: 63ea1315c084ba5d30e9c827ebd49d6e123ef4c2
diff --git a/JWTs_are_good_because_they__.html b/JWTs_are_good_because_they__.html
index bd1b0e6..801e655 100644
--- a/JWTs_are_good_because_they__.html
+++ b/JWTs_are_good_because_they__.html
...
JWTs are good because they allow for the client to be responsible for keeping track of the permissions of the currently logged in user. This removes the need for a session store in most cases which dramatically increases scalability and there are no more potential problem of synchronizing the store among processes with separate memory. However JWTs require a secret key to be decrypted which means it can't happen on the frontend with the same key that the server uses, say for its
csrf protection. A malicious visiter would be able to download the source code compiled on a few different views and look for similar strings. One of them would be the secret key so its easily
brute-forcible.
brute-forcible.
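Review bot: The sentence "However JWTs require a secret key to be decrypted" misstates the mechanism. A signed JWT (JWS) is not encrypted: its payload is only base64url-encoded and any client can read it, while the secret key is what verifies (and creates) the signature. Suggest rewording to say that the frontend can read the claims but must not hold the server's signing key, and that the key should not be reused for another purpose such as the CSRF protection mentioned here. The closing clause calls the key "easily brute-forcible", but the scenario described is finding a key embedded in downloaded source by comparing strings across views, which is key exposure rather than brute force; name it as such. Minor wording: "visiter" should be "visitor", "its easily" should be "it's easily", and "there are no more potential problem" needs number agreement. The final line "brute-forcible." appears twice with no visible difference, so confirm the change is intended.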