🔐 JWTs became the default for login settings, even though they were never built for it.
Revoking one means tracking the server state. And once you have a state, a plain cookie session does the same job.
JWTs or cookie sessions, which side are you on?
Read more in 🧵
22 days ago