2 comments

  • aymrick 3 hours ago
    After building several SaaS admin dashboards, I found JWT to be limiting for security and team management. I built AdminCraft V2, a React admin frontend + secure Node.js backend using HttpOnly cookies.

    Frontend is public: https://github.com/Aymrick97/admincore-frontend-v2

    Premium backend with auth, roles, Stripe & team management: https://gumroad.com/l/admincraft-backend-v2

    • codingdave 2 hours ago
      What limits did you run into with JWT?
  • unsnap_biceps 1 hour ago
    JWT is a data token format, HTTPOnly is a flag on cookie data. You can flag your JWT cookie with HTTPOnly. It's not an either-or.

    Could you expand on what prompted your move from the JWT standard to whatever you chose?
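
The point in the last comment, shown as an added example (not code from the thread or from AdminCraft): a Node.js backend issuing a JWT inside an HttpOnly cookie and verifying it on the way back in. The cookie name `session`, the secret, the 15-minute lifetime and all function names are assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed value; load from a secret store in practice
const TTL = 900; // seconds; hypothetical session lifetime
const b64url = (s) => Buffer.from(s).toString("base64url");
const hmac = (data, key) => crypto.createHmac("sha256", key).update(data).digest("base64url");

// The JWT is only the token format: header.payload.signature
function signJwt(claims, key, now = Math.floor(Date.now() / 1000)) {
  const head = b64url(JSON.stringify({ alg: "HS256", typ: "JWT" }));
  const body = b64url(JSON.stringify({ ...claims, iat: now, exp: now + TTL }));
  return `${head}.${body}.${hmac(`${head}.${body}`, key)}`;
}

function verifyJwt(token, key, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const want = Buffer.from(hmac(`${head}.${body}`, key));
  const got = Buffer.from(sig);
  // Constant-time comparison of the signature before any claim is parsed.
  if (got.length !== want.length || !crypto.timingSafeEqual(got, want)) return null;
  try {
    const { alg } = JSON.parse(Buffer.from(head, "base64url").toString());
    const claims = JSON.parse(Buffer.from(body, "base64url").toString());
    // Pin the algorithm and enforce expiry; never trust the header's alg choice.
    return alg === "HS256" && claims.exp > now ? claims : null;
  } catch {
    return null;
  }
}

// HttpOnly is only a cookie attribute: it hides the value from document.cookie.
function sessionCookie(token) {
  return `session=${token}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=${TTL}`;
}

// Server side: pull the token back out of the request's Cookie header.
function readCookie(cookieHeader, name) {
  for (const pair of String(cookieHeader || "").split(";")) {
    const i = pair.indexOf("=");
    if (i > 0 && pair.slice(0, i).trim() === name) return pair.slice(i + 1).trim();
  }
  return null;
}
```

Because the browser attaches the cookie automatically, state-changing routes still need CSRF protection; `SameSite=Strict` above is one layer of that.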