
JSON Web Token (JWT) advantages/disadvantages over Cookies

Tags: cookies, jwt

One advantage of a JWT over a cookie seems to be that it bypasses the origin restrictions on cookies.

Can someone help me understand any other advantages and importantly any other disadvantages to JWTs?

Likes: 432
Ben Aston asked Dec 27 '14 11:12


People also ask

Which is better JWT or cookie?

In both approaches the client side must securely save the “cookie” or the “jwt token”. The main difference is that in case of the JWT approach the server does not need to maintain a DB of sessionId for lookup.

What are the advantages of JWT token?

Benefits. There are benefits to using JWTs when compared to simple web tokens (SWTs) and Security Assertion Markup Language (SAML) tokens. More compact: JSON is less verbose than XML, so when it is encoded, a JWT is smaller than a SAML token. This makes JWT a good choice to be passed in HTML and HTTP environments.

Why are JWT tokens used and pros and cons?

JWT is commonly used for managing authorization. There exists an open industry standard called RFC-7519, which defines how JWT should be structured and how to use it for exchanging information (called “claims”) in the form of JSON objects. This information can be verified and trusted as it's digitally signed.

Are JSON Web Tokens cookies?

Tokens, usually referring to JSON Web Tokens (JWTs), are signed credentials encoded into a long string of characters created by the server. The main difference between cookies and tokens is their nature: tokens are stateless while cookies are stateful.


1 Answer

A lot of web-related info can be found in a similar post here: Token Authentication vs. Cookies; I would like to call out some "architectural" differences:

  1. JWTs are a standardized container format to encode user and client related information in a secure way using "claims" (whereas cookie contents and signing/encryption are not standardized)
  2. JWTs are not restricted to present session-like information about the authenticated user itself; they can also be used to delegate access to clients that act on behalf of the user
  3. JWTs allow for a more granular access model than cookies because JWTs can be limited in "scope" (what they allow the client to do) as well as time
Likes: 200
Hans Z. answered Sep 19 '22 05:09
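Points 2 and 3 of the answer above (a token issued to a client acting for the user, limited in scope and in time), as an added example that is not part of the original answer. The function names `issue` and `authorize`, the HS256 choice, the `client_id`/`scope` claim names and all sample values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-key"  # constructed sample key, not a real secret

def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub: str, client_id: str, scope: str, ttl: int, now: int) -> str:
    """Mint an HS256 JWT carrying user, client, scope and expiry claims."""
    header = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "client_id": client_id, "scope": scope,
              "iat": now, "exp": now + ttl}
    payload = _b64e(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64e(_mac(f'{header}.{payload}'))}"

def authorize(token: str, required_scope: str, now: int) -> dict:
    """Return the claims if the token is authentic, unexpired and in scope."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64d(header_b64))
        sig = _b64d(sig_b64)
    except ValueError as exc:  # wrong part count, bad base64 or bad JSON
        raise PermissionError("malformed token") from exc
    # Pin the algorithm; the token must not choose how it is verified.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise PermissionError("unexpected alg")
    if not hmac.compare_digest(sig, _mac(f"{header_b64}.{payload_b64}")):
        raise PermissionError("bad signature")
    claims = json.loads(_b64d(payload_b64))  # trusted only after the MAC check
    if now >= claims["exp"]:
        raise PermissionError("token expired")
    # Scope is a space-delimited list; the request needs an exact member.
    if required_scope not in claims["scope"].split():
        raise PermissionError("scope not granted")
    return claims
```

The server keeps no session table here: everything `authorize` needs is in the signed token, which is also why a token stays valid until `exp` unless a separate revocation mechanism is added.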