• 7heo@lemmy.ml
    link
    fedilink
    arrow-up
    59
    arrow-down
    2
    ·
    1 year ago

    Server side sessions are still valid until you signal to the server to invalidate (destroy) them.

    That’s why “signing off” isn’t remotely the same as deleting cookies, and that’s why jwt are fundamentally a bad idea, especially without expiration.

    This meme is wrong. It’s the logical equivalent to saying that “extinguishing a fire” and “closing your eyes” are the same thing (as it makes the fire disappear to you), but that closing your eyes is just more convenient.