Is JWT necessary over HTTPS communication?

Question

I\'m developping a MEAN stack application, and I\'m currently setting up an account system. I\'ve seen several tutorials about Authentication, all using JWT. I

Answer 1

Is JWT necessary over HTTPS communication?

No. Communication protocol (HTTP v.s. HTTPS) is one thing, and authentication mechanism (JWT v.s. Session) is another -- these are 2 totally different area.

For communication protocol (HTTP v.s. HTTPS), HTTPS can be used alone, without any JWT tokens or sessions. For example, a static web site can be made (only HTML+CSS) and served with HTTPS. In this way, the web site can be certificated by CA and prevent forge attack.

Even if you need authentication in web application, JWT token is not the only choice. Session is old technology but it is still reliable, which made JWT definitely NOT necessary.