JWTs aren't stored in a backend though.
Session cookies: you exchange an opaque value with the DB for the user info.
JWTs: the user hands you their driver's license, and you can verify that it's an authentic license for the person whose name is on it.
The word "session" is overloaded. In browser terminology, a session cookie is one that expires/is cleared when you exit the browser (it doesn't persist on disk).
In application terminology, a session is user state that outlives a single request.
Depending on what definition you use and how pedantic you are, a stateless signed cookie is also a session cookie.