JSON WEB TOKEN

Tue Dec 13 2022 13:59:47 GMT+0000 (Coordinated Universal Time)

Saved by @j_jivan

Q. What is a JSON Web Token (JWT)?
    a. It is an open standard, RFC 7519.
    b. JWT makes it possible to communicate securely between two parties.
    c. It is used for authorization.

Q. Advantages
    a. It is a value token, so there is no need to fetch user details on each validation.
    b. It is digitally signed, so if anyone modifies it the server will know.
    c. It also has the advantage of expiration.
    
STRUCTURE-
  HEADER: {
    'alg': 'HS256',
    'typ': 'JWT'
  }
  PAYLOAD: {
    'sub': 'jfas123fj',
    'name': 'jivan toshniwal',
    'admin': true
  }
  SIGNATURE: HMACSHA256(
    base64UrlEncode(header) + "." +
    base64UrlEncode(payload),
    my-very-secret-secre
  ) secret base64 encoded
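
The structure above, together with the signing and expiration advantages, as an added Python example (not part of the original notes): it builds an HS256 token with only the standard library and rejects a modified or expired one. The secret, the `exp` values and the function names `sign` and `verify` are assumptions made for this example.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # constructed sample key (assumption)

def b64url(data):
    """base64url without '=' padding, the encoding JWT uses for each part."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input, secret):
    return hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()

def sign(payload, secret=SECRET):
    """Build header.payload.signature for an HS256 token."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, payload))
    return signing_input + "." + b64url(_mac(signing_input, secret))

def verify(token, secret=SECRET, now=None):
    """Return the payload dict, or raise ValueError if the token is rejected."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        # Pin the algorithm on the server; never let the token choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            raise ValueError("unexpected alg")
        expected = _mac(head_b64 + "." + body_b64, secret)
        # Constant-time comparison of the recomputed and presented signatures.
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            raise ValueError("bad signature")
        payload = json.loads(b64url_decode(body_b64))
    except ValueError as exc:  # also covers bad base64, bad JSON, wrong part count
        raise ValueError("invalid token: %s" % exc) from None
    now = time.time() if now is None else now
    exp = payload.get("exp") if isinstance(payload, dict) else None
    if not isinstance(exp, (int, float)) or now >= exp:
        raise ValueError("expired or missing exp")
    return payload

if __name__ == "__main__":
    token = sign({"sub": "jfas123fj", "admin": False, "exp": int(time.time()) + 300})
    print(token)
    print(verify(token))
```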

Disadvantages:
--No way to log out or invalidate sessions for users. Moreover, there is no way for a user to disable their sessions across multiple devices. Since the tokens are generated and verified on the fly, we can't have access to the different logged-in clients, which can pose problems when you need to identify the devices.
--Although JWT does eliminate the database lookup, it introduces security issues and other complexities while doing so. Security is binary: either it's secure or it's not. That makes it dangerous to use JWT for user sessions.