Are You Using JWTs for User Sessions Correctly?

Read the original article: Are You Using JWTs for User Sessions Correctly?


JSON Web Tokens (or JWTs) have become incredibly popular, and you’ve likely heard of them before. What you may not have heard is that JWTs were originally designed for use in OAuth — which is fundamentally different from user sessions.

While the use of JWTs for OAuth is widely accepted, their use for authenticating user sessions is controversial (see this post). In this article, I will attempt to make a comprehensive list of the pros and cons of using JWTs in this context. I do not intend to solve this debate, since devs (especially devs) are often strongly opinionated. I only aim to summarize all the perspectives.

