• JSON Web Tokens
• JSON data encoded as a string and cryptographically signed (JSON data + signature)

# References

https://scotch.io/bar-talk/why-jwts-suck-as-session-tokens