
Where should I store the JWT token on the server side for authentication

Updated: 2023-12-01 13:59:52

JWTs do not need to be stored on the server side. When you create a JWT, you encrypt it using a secret - think of this as the "password." Then you send it to the client where it can be stored.

When the client makes a request, it sends the JWT along with it. On the server side, you can then decrypt it using the same secret. If the secret does not work, you know it is an invalid JWT.

For obvious reasons, your JWT secret should be kept secret! The best way to do this is to store it as an environment variable.
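
The stateless flow described above, as an added example that is not part of the original answer. It assumes HS256 (HMAC-SHA256), where the secret produces a signature over the header and payload, and a hypothetical environment variable named `JWT_SECRET`; the function names and the secret used in the demo are constructed for illustration.

```python
import base64, hashlib, hmac, json, os, time

def load_secret() -> bytes:
    # Assumption: the secret lives in an environment variable named JWT_SECRET.
    # Fail closed instead of falling back to a built-in default.
    value = os.environ.get("JWT_SECRET", "")
    if len(value) < 32:  # HS256 keys should be at least 256 bits (RFC 7518)
        raise RuntimeError("JWT_SECRET missing or too short")
    return value.encode()

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str, secret: bytes) -> str:
    """HMAC-SHA256 over 'header.payload', base64url encoded."""
    mac = hmac.new(secret, signing_input.encode(), hashlib.sha256)
    return b64e(mac.digest())

def issue(claims: dict, secret: bytes, ttl: int = 300) -> str:
    """Create a token; nothing about it is stored on the server."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({**claims, "exp": int(time.time()) + ttl}).encode())
    return f"{header}.{body}.{sign(header + '.' + body, secret)}"

def verify(token: str, secret: bytes):
    """Return the claims if the token is authentic and unexpired, else None."""
    try:
        header, body, sig = token.split(".")
        expected = sign(header + "." + body, secret)
        # Constant-time comparison; a wrong secret or edited payload fails here.
        if not hmac.compare_digest(sig.encode(), expected.encode()):
            return None
        # Pin the algorithm instead of trusting whatever the header claims.
        if json.loads(b64d(header)).get("alg") != "HS256":
            return None
        claims = json.loads(b64d(body))
        return claims if claims.get("exp", 0) > time.time() else None
    except (ValueError, AttributeError, TypeError):
        return None

if __name__ == "__main__":
    os.environ.setdefault("JWT_SECRET", "constructed-demo-secret-32-chars!!")
    key = load_secret()
    token = issue({"sub": "alice"}, key)
    print(verify(token, key))              # claims, recomputed from the token alone
    print(verify(token, b"wrong-secret"))  # None
```
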