What is JWT and how does it work?

Updated May 6, 2026

Short answer

JWT (JSON Web Token) is a compact, signed token format commonly used for stateless authentication: the server verifies the token itself instead of looking up a session record.

Deep explanation

A JWT consists of three parts: a header, a payload (the claims), and a signature. The signature lets the receiving service detect tampering with the header or payload, but the token is only encoded, not encrypted, by default, so anyone who holds the token can read its contents.

Real-world example

A single-page app that uses a JWT to represent the user's login session, sending the token with each API request.

Common mistakes

  • Storing sensitive data in the JWT payload, which is readable by anyone who holds the token.
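
As an added illustration for the explanation above and for the common mistake just listed (this is not code from the original page), the following Python script builds an HS256 JWT using only the standard library, shows that the payload can be read without knowing the secret, and shows that changing a claim without re-signing is rejected by verification. The secret, claims and role names are constructed demo values.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed demo secret; a real deployment loads it from a secret store.
SECRET = b"demo-secret-do-not-use-in-production"


def b64url_encode(data: bytes) -> str:
    """Base64url without '=' padding, as the JWT format requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url_encode; restores padding before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def create_jwt(claims: dict, secret: bytes) -> str:
    """Build an HS256 token of the form header.payload.signature."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    signature = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)


def read_payload_unverified(token: str) -> dict:
    """Decode the payload WITHOUT checking the signature.

    Anyone who has the token can do this, which is why secrets must never
    be placed in the claims: signing protects integrity, not confidentiality.
    """
    _, payload_b64, _ = token.split(".")
    return json.loads(b64url_decode(payload_b64))


def verify_jwt(token: str, secret: bytes) -> Optional[dict]:
    """Return the claims if the HS256 signature is valid, otherwise None."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:  # wrong part count, bad base64url or bad JSON
        return None
    # Pin the expected algorithm on the server side rather than trusting
    # whatever "alg" the token itself announces.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(
        secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(expected, signature):
        return None
    return json.loads(b64url_decode(payload_b64))


def change_claim_without_resigning(token: str, claim: str, value: str) -> str:
    """Re-encode the payload with one claim altered but keep the old signature.

    Used here only to show that verification catches the mismatch.
    """
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(b64url_decode(payload_b64))
    claims[claim] = value
    new_payload_b64 = b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    return f"{header_b64}.{new_payload_b64}.{sig_b64}"


if __name__ == "__main__":
    token = create_jwt({"sub": "alice", "role": "user"}, SECRET)
    print("readable without the secret:", read_payload_unverified(token))
    print("verified claims:", verify_jwt(token, SECRET))
    altered = change_claim_without_resigning(token, "role", "admin")
    print("altered token verifies?", verify_jwt(altered, SECRET) is not None)
```

Two design choices matter for a verifier: it compares signatures with `hmac.compare_digest` to avoid timing differences, and it decides the algorithm itself instead of reading it from the untrusted header, so a token cannot steer the server into a weaker check.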

Follow-up questions

  • Can JWT be revoked?
  • JWT vs sessions?
