Skip to main content

Subscribe to GoRails to get access to this episode and all other pro episodes, and new awesome content every month.

Subscribe Now
Only $19/month

Unlimited access. Cancel anytime.

36 JSON Web Tokens (JWT) vs Rails Session Cookies

Episode 163 · December 28, 2016

Explore the differences and similarities between Json Web Tokens and Rails session cookies and why you'd want to use one over the other

Authentication APIs


Subscribe or login to view the transcript for this episode.


Nick on

Nice work Chris (and getting these prepared over the Holiday season), very keen for the implementation video!

Carlos Orellana (930 XP) on

Great material. Can't wait for the implementation using JWT.


Masud Rana Hossain on

Loving these advanced topics! Keepem coming, Chris!

victor hazbun (340 XP) on

Please tell us how to deal correctly with JWT and expirations, lets say the user is admin but on the server side it changes, the user still have admin permissions in the front end, and that could break your back end, what should we do in this scenario? (ActionCable maybe?)

Alex Popov on

Excellent general overview of JWT vs session. Can't wait for the hands-on with JWT.

Xiaohong, Deng (1,140 XP) on

With a JWT, server will always think you are logged out. Why is that? Just because it has to be manually included in the header by ourselves? I'm confused.

"So the server would always think that you're logged out, it will never let you do anything malicious via a bad URL or something like that. "

Chris Oliver (167,510 XP) on

Correct. The server doesn't have a clue who you are unless you give them a JWT or a session cookie. Your browser automatically sends cookies over in every request so it makes things easy that way. With JWTs, every request your code makes to the server must manually include it.

Xiaohong, Deng (1,140 XP) on

the second half of the video is really hard to understand for me.

Login or create an account to join the conversation.