Should I Use Spring Security with Sessions or JWT for My Angular and Spring Boot Project?

Asked By CuriousCoder42 On

Hey everyone! I'm currently working on a project where I'm using Angular for the frontend and Spring Boot for the backend. I've come across several tutorials that demonstrate how to utilize JWT stored in cookies with Spring Boot. However, I'm curious if it might be better to enable Spring Security and let it manage sessions with cookies instead. What's the best practice here? Should I stick with JWT in cookies, or is session management via Spring Security a more reliable approach?

5 Answers

Answered By DevNinja89 On

Honestly, if you're only using JWT just to avoid managing sessions, it might not be worth the hassle. Regular session cookies are totally fine for a single application server scenario. JWT shines when you need single sign-on across multiple applications, but if that’s not your case, stick with Spring Security and session management.

Answered By DevDude123 On

It really depends on how you plan to set up authentication. If you're using form login with user credentials, JWT can work. For session-based authentication, stick with Spring Security, especially for local deployments. Keep it simple if you're not sure why you need JWT.

Answered By CodeGuru77 On

Remember, JWT is just a format to store data, not a complete authentication scheme by itself. If you're managing user credentials in your database, using traditional session management is simpler and gives you control. If you're aiming for OAuth or dealing with external logins, that's when you might want to consider using JWT.

Answered By SimpleSolutions On

In my experience, if you're unsure about the need for JWT, you might be better off with plain session management through Spring Security. It's often one of the safest and easiest methods to secure your app. Remember, simplicity is key!

Answered By TechSavvyGator On

You should go with Spring Security regardless. It offers both session-based authentication and stateless options like JWT tokens. The difference mainly lies in how they manage session data: session information with traditional cookies is stored on the server, while JWT includes user info in the token itself and is validated with each request.
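The difference described in the last answer (session state kept on the server versus user info carried inside a signed token that is checked on each request) can be seen in a plain-JDK sketch. This is an added example, not code from any of the answers and not Spring Security's implementation; the class name, method names, demo key and the minimal HS256 token handling are assumptions made for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.*;

public class SessionVsToken {
    // Constructed demo key; real code loads the key from a secret store.
    static final byte[] KEY = "constructed-demo-key-not-for-real-use".getBytes(StandardCharsets.UTF_8);
    static final Map<String, String> SESSIONS = new HashMap<>(); // server-side session state

    // Session model: the cookie holds only a random id, the user is looked up on the server.
    static String login(String user) {
        String id = UUID.randomUUID().toString();
        SESSIONS.put(id, user);
        return id;
    }
    static String userForSession(String id) { return SESSIONS.get(id); } // null = no session
    static void logout(String id) { SESSIONS.remove(id); }

    static String b64(byte[] b) { return Base64.getUrlEncoder().withoutPadding().encodeToString(b); }
    static byte[] hmac(String s) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(KEY, "HmacSHA256"));
        return mac.doFinal(s.getBytes(StandardCharsets.UTF_8));
    }

    // Token model: user and expiry travel inside the token (user must be [A-Za-z0-9_]+ in this demo).
    static String issue(String user, long exp) throws Exception {
        String head = b64("{\"alg\":\"HS256\",\"typ\":\"JWT\"}".getBytes(StandardCharsets.UTF_8));
        String body = b64(("{\"sub\":\"" + user + "\",\"exp\":" + exp + "}").getBytes(StandardCharsets.UTF_8));
        return head + "." + body + "." + b64(hmac(head + "." + body));
    }

    // Runs on every request: verify the signature, then the expiry. No server-side lookup.
    static String userForToken(String token, long now) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return null;
        byte[] expected = b64(hmac(p[0] + "." + p[1])).getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, p[2].getBytes(StandardCharsets.UTF_8))) return null;
        String json = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        // Demo parser for this fixed payload shape only; use a JWT library in real code.
        Matcher m = Pattern.compile("\\{\"sub\":\"(\\w+)\",\"exp\":(\\d+)\\}").matcher(json);
        return m.matches() && now < Long.parseLong(m.group(2)) ? m.group(1) : null;
    }

    public static void main(String[] args) throws Exception {
        long now = System.currentTimeMillis() / 1000;
        String sid = login("alice"), jwt = issue("alice", now + 900);
        logout(sid); // the server forgets the session; the token itself is untouched
        System.out.println("session after logout: " + userForSession(sid));
        System.out.println("token after logout:   " + userForToken(jwt, now));
        System.out.println("token after expiry:   " + userForToken(jwt, now + 900));
    }
}
```

Removing the server-side entry ends the session immediately, while the signed token keeps validating until its `exp` passes unless the server adds its own revocation state.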
