Ask HN: Cookies vs. JWT vs. OAuth

I’m using passport.js with a local strategy for authentication, and I’m using sessions/cookies for keeping state and keeping the user logged in.

I’m not very knowledgeable in security (that’s why I’m asking here), but will using JWT (with the token stored in the cookie) to keep the user logged in instead of sessions/cookies make my application more secure when the passport middleware executes req.isAuthenticated? I thiiink somewhere in that call it checks cookies or JWT, depending on implementation.

Also, I do not plan on opening the API to other sites, so OAuth is unnecessary. Is my understanding correct?

from Hacker News: Front Page http://ift.tt/2I0d3wC