Alec Aivazis added JWTs_are_good_because_they__.html
over 8 years ago
Commit id: 6b7432a520e0ca826757bd5fd506b31a0cf1782d
diff --git a/JWTs_are_good_because_they__.html b/JWTs_are_good_because_they__.html
new file mode 100644
index 0000000..bd1b0e6
--- /dev/null
+++ b/JWTs_are_good_because_they__.html
...
JWTs are good because they allow for the client to be responsible for keeping track of the permissions of the currently logged in user. This removes the need for a session store in most cases which dramatically increases scalability and there are no more potential problem of synchronizing the store among processes with separate memory. However JWTs require a secret key to be decrypted which means it can't happen on the frontend with the same key that the server uses, say for its
csrf protection. A malicious visiter would be able to download the source code compiled on a few different views and look for similar strings. One of them would be the secret key so its easily brute-forcible.
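Review bot: the sentence "However JWTs require a secret key to be decrypted" conflates signing with encryption. A signed JWT is only base64url-encoded, so any client can read the payload without a key. The secret is needed to verify (or forge) the signature, which is the real reason it must never appear in frontend source. I'd reword this to say that verification with a shared HMAC secret cannot happen in the browser, and mention that an asymmetric algorithm (RS256 or ES256) lets a client verify with a public key while the signing key stays on the server. Two related points: the first sentence says the client is "responsible for keeping track of the permissions", which should make clear that the server still verifies the signature on every request and the client only carries the token. The closing "so its easily brute-forcible" describes finding a string embedded in shipped source, which is key disclosure rather than brute force. Nits: "visiter" should be "visitor", "its" should be "it's", and "there are no more potential problem" should be "there is no longer a potential problem".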