🧠 Session
✔ simple
✔ secure (HttpOnly cookies)
🧠 JWT
✔ stateless
✔ good for APIs
⚠️ The problem with JWT
👉 tokens are hard to revoke
⚖️ When to use which?
✔ web app → session
✔ API / mobile → JWT