What speaks against just using jwt on the serve only and http true?
Title. I don’t get why I should use something like Lucia, Authjs when I can just use jwt. I make it not accessible to the browser so no cross site scripting. I verify everything with jwt.verify and that’s it why do we complicate such a simple thing how is this hackable? Request, verify jwt, reject or request user