6Oca
is access token using SHA256 secure?
I want to create a server where after the user logs the server gives them a randomly generated access token that is hashed using SHA256, that I store in the database a long with an expiration date, I thought this was secure, until I remembered that the access token basically acts as a temporary password, which a hacker can access easily and brute force until they find a match. and I've heard that using SHA256 to store your passwords is bad because they are easily brute forceable.
also I don't like JWT because of the The limitations, its statless, and its encoded (I know it can be encrypted but still) I know tokens should not include sensitive info, but I think its better if we hide any details from hackers.
Thank you
