1. Introduction to JWT
1.1 Overview
JWT, also known as JSON Web Token, is a token for web applications in the form of JSON, which is used to securely transmit information between parties as JSON objects, and can complete data encryption, signature and other related processing during data transmission.
1.2 Benefits
In the JavaWeb stage, the session is often used to store, so as to facilitate the judgment of whether the user is operating or not. But this happens to expose a problem, the use of session storage requires server memory . It's fine when there are only one or two users, but when there are thousands of users, it's hard for the server to hold up. And the session is implemented based on cookies, so the data is easy to be intercepted and subject to CSRF cross-domain forgery attack , so it is not very secure. At this time, the advantages of JWT are highlighted.
- Compact: It can be sent through URL, POST parameters or HTTP header, because the amount of data is small, and the data transmission is fast;