NextAuth session storage

I'm a bit confused reading the NextAuth documentation (probably because my knowledge of security is not very good). Well, it says that NexAuth by default stores sessions in JWT (which is probably safer than cookies), but when we add an adapter to the database (I added it), it starts storing them in a server side cookie. I'm wondering whether to do a custom config now to store the session back in JWT. Are server side cookies enough? By the way, how do you store the fact that a user is logged in? Just the sessionid from useSession and passing that to the context?
2 Replies
barry
barry2y ago
JWT is the opposite of secure
cement
cement2y ago
heck, I see a different opinion from each side :(, thanks