2021-01-01 UTC
# [Raphael_Luckom] the problem is that many resources that give advice on this conflate those terms as well. For instance, so far this morning I've seen places that recommend _never_ storing "tokens" on the browser. But by "tokens" I believe they're referring to something like JWTs (which makes sense if you decide that "tokens" and "session ids" are different, but not if you think they can both be called "tokens")