
JWT vs session strategy in NextJS - Quick Revision & Key Differences

Recall & Review
beginner
What is a JWT (JSON Web Token)?
A JWT is a compact, URL-safe token that carries a set of claims as a JSON object, signed so the recipient can check who issued it and that it has not been altered. The standard JWT payload is only base64url-encoded, not encrypted (unless JWE is used), so anyone holding the token can read the claims. It is often used for stateless authentication in web apps.
beginner
How does session-based authentication work?
Session-based authentication keeps the user's state on the server after login. The server generates a random, unguessable session ID, stores the user's data under that ID, and sends only the ID to the client in a cookie (ideally marked HttpOnly, Secure and SameSite). The browser sends the cookie with each request, and the server looks the session up to identify the user.
intermediate
What is one main advantage of JWT over sessions?
JWTs are self-contained and stateless: the server does not need to store per-user session data, because any server holding the verification key can check the token's signature and read its claims without a shared session store. This simplifies horizontal scaling, at the cost of making revocation harder, since a valid token stays valid until it expires.
intermediate
What is a key security concern with JWTs compared to sessions?
A JWT carries the user's claims on the client. If it is kept in localStorage or any storage readable by page scripts, a single XSS bug lets an attacker copy the token and replay it from elsewhere until it expires, and the server cannot tell the difference. A session cookie marked HttpOnly cannot be read by scripts, the ID itself reveals nothing about the user, and the server can invalidate it the moment misuse is suspected. (A JWT stored in an HttpOnly cookie gets the same protection against script theft, but still cannot be revoked before expiry without adding server-side state.)
intermediate
When might you prefer session strategy over JWT in Next.js apps?
Prefer sessions when you need server-side control: immediate revocation on logout, password change or suspected account compromise; permission changes that must take effect right away rather than at token expiry; or per-user data that is too large or too sensitive to ship in a token on every request. With a shared session store (such as a database or Redis) available to all instances of the Next.js app, the scaling advantage of JWTs is usually small compared to these benefits.
Which of these is true about JWT?
A. It stores user data on the client and is stateless.
B. It requires server-side storage for each user session.
C. It cannot be used in Next.js apps.
D. It automatically encrypts user passwords.

What does a session ID cookie do?
A. Encrypts the user's password.
B. Stores the entire user profile on the client.
C. Identifies the user session on the server.
D. Expires immediately after login.

Which is a security risk specific to JWTs?
A. Server overload from storing sessions.
B. XSS attacks stealing tokens from client storage.
C. Cookies being sent automatically with requests.
D. Sessions timing out too quickly.

Why might sessions be easier to revoke than JWTs?
A. Sessions do not use cookies.
B. JWTs expire instantly after logout.
C. JWTs are encrypted and cannot be revoked.
D. Sessions are stored on the server and can be deleted anytime.

In Next.js, which strategy is better for scaling across many servers?
A. JWT strategy, because it is stateless.
B. Session strategy without shared storage.
C. Session strategy with local server storage only.
D. Neither can scale well.
Explain the main differences between JWT and session strategies for authentication.
Think about where data is stored and how that affects security and scaling.

Describe a scenario in a Next.js app where you would choose sessions over JWTs.
Consider security and control needs.