lil5 :golang: 🌱 on Nostr: Unless I’m not mistaken, encrypted cookie/jwt are only handy when you give the ...

Unless I’m not mistaken, encrypted cookie/jwt are only handy when you give the client sensitive data that they shouldn’t have access to, I do use them for validating session challenges — but for authentication, the jwt signature is the validation.