I was excited to watch this video because I was interested to see if I would actually learn something new about JWT.
But the guy is cheating. He's making weak arguments and then defeating the weak arguments.
A few notes: cookies are not cryptographically signed by default, so you need to do it yourself. With JWT you save a spec which tells you how to do this correctly.
So my conclusion: if you understand why you need JWT, you can use it.
But on one thing I agree with him: using just a session cookie is usually a go-to solution. I will prefer a session cookie 100%.