I once got the heebie-jeebies about an API and on instinct ended up protecting an application from the "macOS Keychain Access Control List (ACL) Zero-Day vulnerability".
This article just sounds like heebie-jeebies; at best it's someone saying something about JWT doesn't smell right (because it can be used incorrectly), at worst it's a pissing match / religious war.
This article would be more credible if it had a tangible explanation of a real exploit.
(BTW: I don't understand how cookies are inherently "better" or "worse." They can be sniffed and replayed too.)