Hacker News
njknsdf on June 14, 2016 | on: Don't use JSON web tokens for sessions
You can store the user info in the JWT so you don't need to hit the database to get user info every time. I usually just store an id in each issued token and store/remove it from redis or memory as needed for invalidating it.
ekryski on June 18, 2016
You have to be careful that you are not leaking sensitive info though, as the JWT payload is meant to be visible on the client as well.
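Added example, not part of either comment above: a standard-library Python sketch of the two points in this thread, a per-token id that the server stores and removes to invalidate the token, and a payload that anyone holding the token can read without the key. The `jti` claim name is the registered JWT ID claim; the in-memory set stands in for Redis, and the key and all function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"constructed-demo-key"   # constructed sample key, not a real secret
active_ids = set()                 # assumption: in-memory stand-in for the Redis store

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue(user: str) -> str:
    """Issue an HS256 token carrying a random id and remember that id server-side."""
    jti = secrets.token_hex(16)
    active_ids.add(jti)
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user, "jti": jti}).encode())
    return f"{header}.{payload}.{sign(header + '.' + payload)}"

def read_payload_without_key(token: str) -> dict:
    """What any client can do: base64url-decode the payload, no secret needed."""
    return json.loads(b64url_decode(token.split(".")[1]))

def verify(token: str):
    """Return the claims only if the signature is valid and the id is still stored."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(b64url_decode(header)).get("alg") != "HS256":
            return None                      # pin the algorithm, never trust the header
        expected = sign(header + "." + payload)
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None
        claims = json.loads(b64url_decode(payload))
        return claims if claims.get("jti") in active_ids else None
    except (ValueError, AttributeError):
        return None                          # malformed token

def revoke(token: str) -> None:
    """Invalidate a token by removing its id from the store."""
    claims = verify(token)
    if claims:
        active_ids.discard(claims["jti"])
```

The store lookup in `verify` is the trade-off the first comment accepts: user info comes from the token, but revocation still costs one lookup per request.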