
JWT Authentication strategy

Right now I'm confused about whether I should store the JWT token in the session or not.

Should I

  1. Store it in Redis after the token has been created

         // JWT token
         token := CreateToken(user)
         // Store it in a Gorilla session backed by Redis
         s := sessions.Default(c)
         s.Set("token", token)
         s.Save()

     So then, on subsequent requests, take the token from the session on the server instead of from the request header:

         token := s.Get("token")
         // and do something with it

  2. Pass the token in every subsequent request, so in every route that requires the token

         func login(c *gin.Context) {
             token := c.GetHeader("Authorization")
             // validate the token before continuing
         }

I'm using the gin framework.

Which approach is better: the session, or passing the token in each subsequent request from the user?

Regards, Naufal

If you make a client - then YES, as you've obtained a token, you should store it and pass it with subsequent requests.

If you make a server - then NO. You have no need to store a token you've issued, but you should validate it any time you get it with a client's request. This way you can make your service stateless and more scalable.

Don't store JWT in sessions.

One important benefit of using JWT is keeping the server stateless. Now, if you put the JWT in sessions, you are losing the benefits of JWT.

Example:

Say you have two instances of your server, load-balanced. Unless you create some sort of shared session storage, your visitor will be forced to visit the same server every time (and that is not easy).
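Both answers above come down to the same rule: the server verifies the token that arrives in the Authorization header on every request and stores nothing in a session. The Go code below is an added example, not from the question or either answer, and uses only the standard library (no gin, no Redis); the signing key, the claims and the HS256 format are constructed for the example.

```go
package main
import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"strings"
	"time"
)
var b64 = base64.RawURLEncoding

func hs256(signingInput string, key []byte) []byte {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// SignHS256 is the issuing side (what CreateToken in the question would return).
func SignHS256(claims map[string]interface{}, key []byte) string {
	body, _ := json.Marshal(claims)
	in := b64.EncodeToString([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return in + "." + b64.EncodeToString(hs256(in, key))
}

// VerifyBearer checks one request's Authorization header using only the server key: no session, no Redis lookup.
func VerifyBearer(authHeader string, key []byte, now time.Time) (map[string]interface{}, error) {
	parts := strings.Split(strings.TrimPrefix(authHeader, "Bearer "), ".")
	if !strings.HasPrefix(authHeader, "Bearer ") || len(parts) != 3 {
		return nil, errors.New("missing or malformed bearer token")
	}
	hdr, err := b64.DecodeString(parts[0])
	var h struct{ Alg string }
	if err != nil || json.Unmarshal(hdr, &h) != nil || h.Alg != "HS256" {
		return nil, errors.New("unexpected alg") // accept only the alg the server itself issues
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || !hmac.Equal(sig, hs256(parts[0]+"."+parts[1], key)) {
		return nil, errors.New("bad signature") // constant-time compare of the recomputed MAC
	}
	payload, err := b64.DecodeString(parts[1])
	var claims map[string]interface{}
	if err != nil || json.Unmarshal(payload, &claims) != nil {
		return nil, errors.New("bad payload")
	}
	if exp, ok := claims["exp"].(float64); !ok || float64(now.Unix()) >= exp {
		return nil, errors.New("token expired")
	}
	return claims, nil
}
```

Because the check needs only the key, any load-balanced instance can validate a token issued by another one, which is exactly why the session (and the shared storage it would need) is unnecessary.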
