JSON Web tokens vs sessions for authentication | should you use JWTs as session tokens?
Description
🔥More exclusive content: https://productioncoder.com/you-decide-what-we-build-next
Twitter: https://twitter.com/_jgoebel
Blog: https://productioncoder.com

In this video we cover whether you should use JSON Web tokens as session tokens. The answer might surprise you.

Mentioned blog posts for further reading
http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/

00:00 should you use JWTs as session tokens?
00:26 how server-side sessions with a session store work
01:55 how "client-side" sessions with JWTs work
04:03 logging out users from the server side
05:22 knowing who is currently logged in
06:11 session data visibility
06:42 revoking roles and privileges in JWT and session-based systems
08:00 scalability of server-side and client-side sessions
08:58 the need to maintain a session store
09:16 bandwidth consumption
09:38 attacking JWTs vs session-based authentication
11:11 cookies vs local storage
11:54 mitigating CSRF attacks