JSON Web Tokens (JWTs) have been widely promoted for web authentication because of their perceived benefits, but they carry several dangers and complexities that their marketers and creators have not adequately addressed. JWTs attempt to eliminate the database lookup by storing user information in the session token itself, but this approach introduces security issues such as the token revocation problem: the server has no easy way to revoke a token once it is issued. This can lead to unintended consequences, such as users continuing to access the system until the token expires, or administrators being unable to immediately demote users to lower permissions. Additionally, JWTs can exceed URL length limits and cause issues with data storage and transmission. A more battle-tested approach is to use a database that provides blazing-fast performance, such as Redis Enterprise, which can serve trillions of requests and provide 99.999% availability. By using Redis as a session store and another database as the primary database, developers can achieve a simpler architecture and faster performance.
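The revocation gap described above, as an added example that is not code from the original page: a stateless HS256 token keeps asserting the role it was issued with, while an opaque session ID backed by a server-side store reflects a demotion or revocation on the next request. The function names, the key, the user and the in-memory dict standing in for a session store such as Redis are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets

SECRET = b"constructed-demo-key"  # constructed sample key, not from the page
SESSIONS = {}  # assumption: in-memory dict standing in for a session store such as Redis

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _sign(signing_input):
    return _b64(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_jwt(user, role, ttl, now):
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "role": role, "exp": now + ttl}).encode())
    return f"{header}.{body}.{_sign(header + '.' + body)}"

def verify_jwt(token, now):
    """Stateless check: signature and expiry only, no server-side lookup."""
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{header}.{body}"), sig):
            return None
        claims = json.loads(base64.urlsafe_b64decode(body + "=" * (-len(body) % 4)))
    except (ValueError, TypeError):
        return None  # malformed or tampered token
    return claims if claims["exp"] > now else None

def create_session(user, role, ttl, now):
    sid = secrets.token_urlsafe(32)  # opaque ID; all state stays on the server
    SESSIONS[sid] = {"sub": user, "role": role, "exp": now + ttl}
    return sid

def lookup_session(sid, now):
    record = SESSIONS.get(sid)
    return record if record and record["exp"] > now else None

def demo():
    now = 1_700_000_000  # constructed timestamp
    token = issue_jwt("alice", "admin", 3600, now)
    sid = create_session("alice", "admin", 3600, now)
    SESSIONS[sid]["role"] = "viewer"  # administrator demotes alice
    later = now + 60
    roles = (verify_jwt(token, later)["role"], lookup_session(sid, later)["role"])
    SESSIONS.pop(sid)  # administrator revokes the session
    return roles, verify_jwt(token, later) is not None, lookup_session(sid, later)

if __name__ == "__main__":
    print(demo())
```

The token stops validating only once its `exp` has passed, which is why short lifetimes or a server-side denylist are the usual mitigations when JWTs are kept; a denylist reintroduces the lookup the token was meant to avoid.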