Hacker News new | past | comments | ask | show | jobs | submit login

Ok, yes, session is a concept. Session state can be stored in its entirety or split between an ID and body.

You can send it all to the client or you can send just an ID and lookup the body on the server.

You can send it to the client via the cookie header or via the Authorization header or something else.

You can encode the data (sent via cookies or auth header) as a JWT or your own encryption scheme.

These are all different technologies working at different layers, which is why comparing JWTs vs cookies vs sessions doesn't really make sense.




> Ok, yes, session is a concept. Session state can be stored in its entirety or split between an ID and body.

the storage of session has absolutely nothing to do with the session. I'm not sure why you keep talking about Cookies it has nothing to do with the problem. JWT can be persisted with cookies as well.


Yes, my original and last comments already said exactly that... I'm not sure what you're arguing at this point.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: