knowthen / Episode-9-Ditching-Cookies-for-JSON-Web-Tokens

Source for screencast: Ditching Cookies for JSON Web Tokens
http://knowthen.com/episode-9-ditching-cookies-for-json-web-tokens/

What's the difference? #2

Closed zwhitchcox closed 9 years ago

zwhitchcox commented 9 years ago

What's the difference between using a cookie or localStorage to store the JWT?

knowthen commented 9 years ago

Using JWTs has several potential benefits, which I mentioned in the screencast and on the blog entry. Some of the benefits are a result of not using cookies (CORS, CSRF...) and instead sending the JWT as a request header.
Now, if you stored the JWT in the cookie alone (not sending it as a header), you wouldn't get some of the potential benefits of JWTs (CORS, CSRF...) because you're still sending the cookie... If you stored the JWT in the cookie and sent the JWT in the header, then you would still be sending the cookie, which is useless, wastes bandwidth and has the same negative side effects... Hopefully that helps.
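
Added example, not part of the thread or the screencast's code: a Node.js sketch of the two transports compared above, showing that a request carrying only the cookie authenticates when the server reads the JWT from the cookie and is rejected when the server accepts it only from the `Authorization` header. The secret, the cookie name `jwt`, the helper names and the request header objects are all constructed for illustration.

```javascript
// Added example: secret, cookie name, helpers and requests are constructed.
const crypto = require('crypto');
const SECRET = 'demo-secret-not-for-production'; // constructed value
const b64url = (s) => Buffer.from(s).toString('base64url');
// Sign a minimal HS256 JWT.
function signJwt(payload, secret = SECRET) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(payload));
  const sig = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest('base64url');
  return `${head}.${body}.${sig}`;
}

// Verify signature (constant time), algorithm and expiry; returns payload or null.
function verifyJwt(token, secret = SECRET) {
  const parts = String(token || '').split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = crypto.createHmac('sha256', secret).update(`${head}.${body}`).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    if (JSON.parse(Buffer.from(head, 'base64url').toString()).alg !== 'HS256') return null;
    const payload = JSON.parse(Buffer.from(body, 'base64url').toString());
    if (typeof payload.exp === 'number' && payload.exp * 1000 < Date.now()) return null;
    return payload;
  } catch { return null; }
}

// Cookie transport: the browser attaches the cookie by itself, including on
// requests started by another site (subject to the cookie's SameSite setting).
function tokenFromCookie(headers) {
  const m = /(?:^|;\s*)jwt=([^;]+)/.exec(headers.cookie || '');
  return m ? m[1] : null;
}

// Header transport: present only when the application's own script adds it.
function tokenFromHeader(headers) {
  const m = /^Bearer ([\w-]+\.[\w-]+\.[\w-]+)$/.exec(headers.authorization || '');
  return m ? m[1] : null;
}
function authenticate(headers, mode) {
  const token = mode === 'cookie' ? tokenFromCookie(headers) : tokenFromHeader(headers);
  return verifyJwt(token);
}

// Constructed request headers: the app's own call, and a cross-site form post.
const demoToken = signJwt({ sub: 'alice', exp: Math.floor(Date.now() / 1000) + 300 });
const ownApp = { authorization: `Bearer ${demoToken}` };
const crossSiteForm = { cookie: `jwt=${demoToken}`, origin: 'https://other.example' };
```

With these inputs, `authenticate(crossSiteForm, 'cookie')` returns alice's payload while `authenticate(crossSiteForm, 'header')` returns `null`, which is the CSRF difference the comment refers to.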

zwhitchcox commented 9 years ago

Thanks!

By the way, have you ever thought about joining Lynda.com? Your series is probably the greatest set of explanatory videos I've ever seen. You've really cut out everything I usually hate about those videos, and it's really great to watch. Anyway, keep it up!

zwhitchcox commented 9 years ago

Also, just a request, but you should do a series on algorithms and design patterns!