Date: 26th September 2020, 4 pm to 5:30 pm
www.isabangalore.org.in +91-9663500132
In session-based authentication, the server has to remember the information, and whenever a request is made, it has to do a lookup to find it. With JWT, all the data is stored in the token itself, and no information is stored in server memory. Why is that great? You can use the same token across multiple servers that you run, without running into the problem that one server has a particular piece of information and another server doesn't.
This application of JWT is especially useful in micro-services. In micro-services, multiple deployable products are connected. Since there are various products, they all have their own individual servers. In session-based authorization, all the different servers must contain the user's information. Suppose three independent services are connected and the client makes a request to service two from service one. The client has to re-enter all their details, because the service two server doesn't contain the information that the service one server contains.
Whereas, in the case of JWT, if all the different servers share the same secret key, then a single JWT token can be used for authorization in all the various services. This makes JWT a handy tool for authorization purposes.
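The shared-key flow described above, as an added example that is not part of the original text: service one signs a token with HMAC-SHA256 (HS256), and any service holding the same key verifies it without a session lookup. The names `issue_token`, `verify_token` and `SHARED_SECRET` are hypothetical, and the key is a constructed sample value.

```python
import base64, hashlib, hmac, json, time

SHARED_SECRET = b"constructed-demo-secret-0123456789abcdef"  # sample value, not a real key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(secret: bytes, signing_input: str) -> bytes:
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def issue_token(secret: bytes, claims: dict) -> str:
    """Service one: put the user's data in the token and sign it (HS256)."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64(json.dumps(claims).encode())
    return f"{header}.{payload}.{_b64(_sign(secret, header + '.' + payload))}"

def verify_token(secret: bytes, token: str, now=None):
    """Any service holding the secret: return the claims, or None if invalid.
    Nothing is looked up in server memory; the token carries the data."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        # Pin the algorithm rather than trusting whatever the header asks for.
        if json.loads(_unb64(header_b64)).get("alg") != "HS256":
            return None
        expected = _sign(secret, header_b64 + "." + payload_b64)
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            return None
        claims = json.loads(_unb64(payload_b64))
        # Without a session store to delete, expiry is what bounds a token's life.
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None

if __name__ == "__main__":
    token = issue_token(SHARED_SECRET, {"sub": "alice", "exp": time.time() + 300})
    print("service two:", verify_token(SHARED_SECRET, token))      # accepted
    print("other key:  ", verify_token(b"a-different-key", token))  # None
```

With a shared HMAC key, every service that can verify a token can also issue one, so the key needs the same protection on each server that holds it.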