ynniv
7y ago
You can sign session ids to prevent DoS, and you can cache session ids to avoid database lookups, but you can't detect forged or stolen JWT tokens.
nmgsd
7y ago
You can't forge a JWT without stealing the private key of the valid JWT signer.
You can steal a JWT token the same way you can steal a session token.
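The two points in the reply above, as an added example that is not part of the thread: a token whose claims were edited without the signing key fails verification, while a byte-for-byte copy of a valid token verifies exactly like the original. It assumes HS256 with a shared secret (rather than a private key) so that it runs on the standard library alone; `SECRET`, `sign`, `verify`, `tampered_copy` and `demo` are hypothetical names, and all values are constructed.

```python
import base64, hashlib, hmac, json

SECRET = b"constructed-demo-signing-key"  # assumption: HS256 shared secret

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes = SECRET) -> str:
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(mac)}"

def verify(token: str, key: bytes = SECRET):
    """Return the claims if the signature is valid, else None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None  # pin the algorithm instead of trusting the header
        expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        return json.loads(b64url_decode(payload))
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token

def tampered_copy(token: str, **changes) -> str:
    """Negative test case: claims edited without the key, old signature kept."""
    header, payload, sig = token.split(".")
    claims = json.loads(b64url_decode(payload))
    claims.update(changes)
    return f"{header}.{b64url(json.dumps(claims).encode())}.{sig}"

def demo() -> dict:
    issued = sign({"sub": "alice", "admin": False})
    return {
        "genuine": verify(issued),
        "tampered": verify(tampered_copy(issued, admin=True)),
        "wrong_key": verify(sign({"sub": "alice", "admin": True}, key=b"not-the-key")),
        "copied": verify(str(issued)),  # same bytes, different holder
    }

if __name__ == "__main__":
    print(demo())
```

The signature binds the claims to the key, not to whoever presents the token, which is why the copied token returns the same claims as the genuine one.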