Moving JWT from headers to cookies

One item that has been nagging me, as we continue developing our framework and sample apps, is that the JSON Web Token (JWT) is sent in the header of the request, like this:

GET http://localhost:8080/someprotectedendpoint
Authorization: Bearer <jwt token>

While this works absolutely fine, there are some drawbacks in terms of security.