How does it differ from using sessions?

In a typical session flow, the browser sends a cookie containing a token, which is then matched at the server to some data which the server makes use of to authenticate the user.
In a JWT flow, the token itself contains the data. The server decodes the token to authenticate the user. No data is stored on the server.

Question Loading...

How does it differ from using sessions?

In a typical session flow, the browser sends a cookie containing a token, which is then matched at the server to some data which the server makes use of to authenticate the user.
In a JWT flow, the token itself contains the data. The server decodes the token to authenticate the user. No data is stored on the server.