我们应储存智威汤逊作为cookie？ [英] Shall we store JWT as a cookie?

问题描述

我正在考虑与智威汤逊基于令牌的认证取代我的旧会话基于Cookie 认证。我从读到这里它建议JWT存储为cookie的。

I am considering replacing my old session-cookie-based authentication with JWT token-based authentication. I read from here that it is suggested to store JWT as cookie.

如果这样，是不是再实施签署的cookie ？

If so, isn't that a re-implementation of signed cookie?

推荐答案

是的，但优点是格式（比如JSON），某些信息元素（到期时间戳，发行，在时间戳，发行人等）并保护它（即签名/加密方法）的方法是标准化的，所以你可以使用股票库创建和一个非常方便的和无差错的方式阅读。

Yes it is but the advantage is that the format (i.e. JSON), some of the information elements (expiry timestamp, issued-at timestamp, issuer etc.) and the method of protecting it (i.e. signature/encryption method) is standardized so you can use stock libraries to create and read it in a very convenient and error-free way.

这篇关于我们应储存智威汤逊作为cookie？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！