Cookies, sessions and tokens








Pretty sure you have heard of them. But they cause some confusion, no? 😓

Take the example of a login app: when you type a username and password, they are sent to the server to be verified.

When the verification is complete, the server creates a ‘cookie’ containing the session ID. This means the site knows that it’s truly you and that you are using the app right now.

If you log out, the server deletes the session info and its ID and instructs your browser to delete the stored session ID as well.

If you are still logged in to the app, you don’t need to log in again when you visit other pages inside it. 😉

That is because the browser sends the stored ID with each request so the server can verify it.

So the cookie is only a medium to transport the session ID.

Cookies can also store other things, like the last visited page or a preferred color, all of it in the browser.

A session, on the other hand, is a group of data related to a user but stored on the server.

Unfortunately, this method, cookie-based authentication, is no longer as popular as token-based authentication.

Have you heard of JSON Web Token?

It’s the best-known way to implement tokens. But first, what are tokens? A token is simply a string that the server generates and that can be passed in an HTTP request. It doesn’t require browser storage with an expiration date and can be sent with each request, which makes it a much more secure and preferable approach. The concept is similar to the previous one, and here’s an explanatory schema.

example of token-based authentication


example of cookie-based authentication.
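The two flows described above, side by side, as an added example that is not part of the original post. The function names, the cookie name `session_id`, the cookie attributes and the 15-minute token lifetime are assumptions chosen for illustration; the token is a JSON Web Token signed with HS256 using only the Python standard library.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # server-side signing key, generated for this example
SESSIONS = {}                     # session ID -> user data, kept on the server

def login_cookie(user):
    """Cookie flow: state stays on the server, the browser only gets an opaque ID."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user}
    return f"session_id={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

def user_from_cookie(cookie_header):
    """Look up the ID the browser sent back; unknown or deleted IDs give None."""
    sid = cookie_header.split(";")[0].partition("=")[2]
    return SESSIONS.get(sid, {}).get("user")

def logout_cookie(cookie_header):
    """Delete the server-side session and tell the browser to drop the cookie."""
    SESSIONS.pop(cookie_header.split(";")[0].partition("=")[2], None)
    return "session_id=; Max-Age=0; Path=/"

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(user, ttl=900, now=None):
    """Token flow: the claims travel in the token, protected by an HMAC signature."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64url(sig)}"

def user_from_token(token, now=None):
    """Verify signature, then expiry. The header's 'alg' field is never trusted."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, unb64url(sig)):
            return None
        claims = json.loads(unb64url(payload))
    except (ValueError, TypeError):
        return None
    return claims["sub"] if claims.get("exp", 0) > now else None
```

Logging out of the cookie flow invalidates the session immediately because the server forgets the ID, while a signed token stays valid until its `exp` time unless the server keeps its own revocation list.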

Hope you like it. Please give me feedback 😀
