# JWT vs session (nodejs)


viscid rose

What is the difference between using JWT and the session secret? I thought you could validate the JWT without a request to the server, so I implemented it but realized that a request to the server is needed anyway. So what is the point of using it instead of the session workflow?

warm quiver

Use JWT: When you need stateless authentication, cross-domain authentication, or when you want to minimize server load.


Use Session-Based Authentication: When you need easier session revocation and have the server resources to handle session storage.

viscid rose
# warm quiver In Appwrite, JWTs are useful when you need to securely act on behalf of a user w...

Thanks for the answer. I still don't understand it, though.

"JWT ensures that it only accesses resources the user has permissions to see" - well, so does using the session secret. I don't understand the argument since I don't use the API key to get data in both cases.

"Use JWT: [...] or when you want to minimize server load." But I don't minimize server load, since I can't verify the token without a server request (which would be the whole point of using JWT for me).

It would all make sense if I could verify the JWT without the need to make a request to the server. I really think I'm missing something.

lavish belfry

JWTs are short-lived, like 15ish mins, for example when you want to act as the signed-in user