What are the similarities and differences between JWT and cookies?

tags: learning programming diff-between

content

They are both used to maintain some sort of state (e.g., authentication) across HTTP requests, because HTTP itself is stateless.

  • JWT is a standardized way to format data

  • a cookie is a mechanism defined by an RFC; it is part of the HTTP standard (the `Set-Cookie` and `Cookie` headers)

  • cookies can contain more information than just authentication (e.g., analytics)

  • a cookie can simply carry a JWT as its value (you can store a JWT in a cookie)

    • cookies are mainly for browsers
    • cookies are automatically stored by the browser and included in future requests
    • cookies often reference some session data on the server side
  • JWT is more commonly used for direct API requests
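
The following added example (not part of the original note) shows one JWT travelling both ways described above: issued to a browser in a `Set-Cookie` header and read back from `Cookie`, or sent by an API client in an `Authorization: Bearer` header. The HS256 key, the cookie name `session`, the cookie attributes and all function names are assumptions made for the demo.

```python
import base64, hashlib, hmac, json
from http.cookies import SimpleCookie
from typing import Optional

SECRET = b"constructed-demo-key"  # assumption: server-side HS256 key, demo value only

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def make_jwt(claims: dict) -> str:
    """JWT as a data format: base64url(header).base64url(payload).base64url(signature)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = f"{header}.{b64url(json.dumps(claims).encode())}"
    return f"{body}.{b64url(sign(body))}"

def verify_jwt(token: str) -> Optional[dict]:
    """Return the claims if the signature is valid, otherwise None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(unb64url(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the token's header
        if not hmac.compare_digest(sign(f"{header}.{payload}"), unb64url(sig)):
            return None
        return json.loads(unb64url(payload))
    except (ValueError, TypeError, AttributeError):
        return None

def set_cookie_header(token: str) -> str:
    """Cookie as a transport: the value of a Set-Cookie response header."""
    jar = SimpleCookie()
    jar["session"] = token
    for attr, value in (("httponly", True), ("secure", True), ("samesite", "Strict"), ("path", "/")):
        jar["session"][attr] = value
    return jar["session"].OutputString()

def token_from_request(headers: dict) -> Optional[str]:
    """Read the JWT from Authorization: Bearer (API client) or the Cookie header (browser)."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):]
    jar = SimpleCookie(headers.get("Cookie", ""))
    return jar["session"].value if "session" in jar else None
```

Because the browser attaches the cookie to requests on its own, the cookie path relies on attributes such as `SameSite` and `HttpOnly`, while the bearer path requires the client to add the header explicitly on every call.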
