So it's not that JWT is better than cookie-based auth; they are just two different forms of storage. Cookies are 'stateful' and tokens are not. So I use JWT for stateless API auth. I actually use JWT and store it in a cookie for a lot of my projects.
So when a user signs into my website, I authenticate through my API, and on success my API returns a JWT token, then I store the token in an HttpOnly cookie. On each request to the API I get the token from the cookie and send the JWT token to the API. I've used this approach in PHP and Node.js applications with great success.
I want my web interface to be stateful, so it can remember that you're logged in, but I want my API to be stateless and independent so it can easily be used for multiple platforms.
TJ
Building Sparkle ✨ for Laravel | Echo Labs | Curology
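The flow described in the post above, sketched in Node.js as an added example that is not the poster's code: the web tier keeps the JWT in an HttpOnly cookie and forwards it as a bearer token, and the API verifies it without any session state. The cookie name, the secret, and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

// Constructed values for illustration; a real secret comes from a secret store.
const COOKIE_NAME = 'api_token';
const API_SECRET = 'constructed-demo-secret';
const sign = (data) => crypto.createHmac('sha256', API_SECRET).update(data).digest();
const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// API side: issue an HS256 JWT after a successful login.
function issueJwt(claims, ttl, now = Math.floor(Date.now() / 1000)) {
  const body = `${enc({ alg: 'HS256', typ: 'JWT' })}.${enc({ ...claims, iat: now, exp: now + ttl })}`;
  return `${body}.${sign(body).toString('base64url')}`;
}

// API side: stateless check, no session lookup. Returns the claims or null.
function verifyJwt(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(parts[0], 'base64url').toString());
    claims = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
  } catch { return null; }
  if (!header || header.alg !== 'HS256') return null; // pin the algorithm, ignore the token's choice
  const expected = sign(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], 'base64url');
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= now) return null;
  return claims;
}

// Web side: Set-Cookie value. HttpOnly hides the token from page scripts;
// SameSite limits cross-site sends, since browsers attach cookies automatically.
function buildSetCookie(token, maxAge) {
  return `${COOKIE_NAME}=${token}; Max-Age=${maxAge}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Web side: read the token from the incoming Cookie header and build the API request headers.
function apiHeadersFromCookie(cookieHeader) {
  for (const pair of String(cookieHeader || '').split(';')) {
    const i = pair.indexOf('=');
    if (i > 0 && pair.slice(0, i).trim() === COOKIE_NAME) {
      return { Authorization: `Bearer ${pair.slice(i + 1).trim()}` };
    }
  }
  return null;
}
```

Keeping `Max-Age` on the cookie equal to the token's lifetime lets the browser drop the cookie when the API would reject the token anyway.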