Opinion : JSON web tokens
I just wanted to get the community's opinion on JWT. I currently use PHP sessions for authentication, and while it works, it is a pain to have to handle multiple authentication methods for the same app depending on the device that my user is on.
While I am fully aware that JWT is meant to be "stateless", it makes me wonder if you can use JWT to replace the usual cookie-based authentication, and have a key in the token that can be looked up in a database. This would make the JWT stateful but would give the added benefit of allowing the same authentication methods whether you're coming from the web, command line, or native application. An added benefit to this is that you're not bound to the PHP session locking, though you would have to implement some logic to prevent your token data from being overwritten by concurrent requests. A little bit of Google researching has led me to find that JWT can be just as effective fighting CSRF if implemented correctly. As far as I know, Ruby on Rails uses a similar method to JWT to store its sessions on the client, but I could be wrong. Is there a flaw in my logic here or could JWT securely replace PHP sessions?
Codeigniter is simply one of the tools you need to learn to be a successful developer. Always add more tools to your coding arsenal!
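The design the post asks about (a signed token carrying a key that is looked up server-side), sketched as an added example that is not part of the original post or of CodeIgniter. The `sid` claim, the `$sessions` array standing in for a database table, and all function names are assumptions made for illustration.

```php
<?php
// HS256 token whose "sid" claim must match a live server-side session row.
// $sessions stands in for a database table; ids and values are constructed samples.
function b64u_enc(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64u_dec(string $txt) {
    $pad = str_repeat('=', (4 - strlen($txt) % 4) % 4);
    return base64_decode(strtr($txt, '-_', '+/') . $pad, true);
}

function issue_token(string $sid, string $key, int $ttl, int $now): string {
    $head = b64u_enc(json_encode(['alg' => 'HS256', 'typ' => 'JWT']));
    $body = b64u_enc(json_encode(['sid' => $sid, 'iat' => $now, 'exp' => $now + $ttl]));
    $sig  = b64u_enc(hash_hmac('sha256', "$head.$body", $key, true));
    return "$head.$body.$sig";
}

// Returns the session row, or null if the token is malformed, forged, expired or revoked.
function verify_token(string $jwt, string $key, array $sessions, int $now): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) return null;
    [$head, $body, $sig] = $parts;
    $header = json_decode((string) b64u_dec($head), true);
    // Pin the algorithm: the token's own header must not choose how it is verified.
    if (!is_array($header) || ($header['alg'] ?? null) !== 'HS256') return null;
    $expected = b64u_enc(hash_hmac('sha256', "$head.$body", $key, true));
    if (!hash_equals($expected, $sig)) return null;   // constant-time comparison
    $claims = json_decode((string) b64u_dec($body), true);
    if (!is_array($claims) || !is_int($claims['exp'] ?? null) || $claims['exp'] <= $now) return null;
    // Stateful step: the signature proves who issued it, the row proves it is still valid.
    $sid = $claims['sid'] ?? null;
    if (!is_string($sid) || !isset($sessions[$sid]) || $sessions[$sid]['revoked']) return null;
    return $sessions[$sid];
}

$key = random_bytes(32);                                          // per-deployment secret
$sessions = ['s-1001' => ['user_id' => 42, 'revoked' => false]];  // constructed sample row
$now = time();
$jwt = issue_token('s-1001', $key, 900, $now);

var_dump(verify_token($jwt, $key, $sessions, $now) !== null);       // live session
var_dump(verify_token($jwt, $key, $sessions, $now + 901) !== null); // checked after exp
$sessions['s-1001']['revoked'] = true;                              // logout or admin kill
var_dump(verify_token($jwt, $key, $sessions, $now) !== null);       // checked after revocation
```

The server-side lookup is what gives this scheme logout and revocation, which a purely stateless token cannot offer before its `exp` passes.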
Messages In This Thread
Opinion : JSON web tokens - by albertleao - 03-04-2017, 06:53 AM
RE: Opinion : JSON web tokens - by arma7x - 03-04-2017, 07:38 AM
RE: Opinion : JSON web tokens - by albertleao - 03-04-2017, 08:21 AM
RE: Opinion : JSON web tokens - by Narf - 03-06-2017, 02:00 AM
RE: Opinion : JSON web tokens - by albertleao - 03-08-2017, 01:40 AM
RE: Opinion : JSON web tokens - by arma7x - 03-08-2017, 02:41 AM