Stop using JWT for sessions, part 2: Why your solution doesn't work Almost a week ago I published an article explaining why you shouldn't use JSON Web Tokens as a session mechanism. Unfortunately, it seems I've found the upper limit on article length before people stop reading - many of the commenters on Reddit and Hacker News kept suggesting the same "solutions" over and over again, completely ig