bekacru | 9 months ago

- Not right now, but there’s already an open issue and a PR in progress.

- We don’t use JWTs directly, and sessions always require state (it’s not stateless). And yeah, both the client and server handle automatic session refresh.

- Yes, we support both multiple sessions and having different organizations open in different tabs: https://www.better-auth.com/docs/plugins/multi-session

- Yes, that’s possible, you just need to set the `prompt` parameter to `select_account`

theogravity|9 months ago

As another asked, "why?" on no JWT? It makes interfacing with our API servers so much easier as we don't need to maintain infra for sessions and wouldn't be limited by the 4kb limit for sending cookies.

motorest|9 months ago

> We don’t use JWTs directly

Why?

hungryhobbit|9 months ago

Evidently they prefer to be less secure by default.