Here's something better than JWT that most Devs are unaware of and risking their user's confidential data on client-side.