This article is part of a new series called "Short Notes", which lets beginners understand different web development concepts within 5 minutes.
So What Are Those
Different Approaches: There are 2 main ways to implement user authentication. There are others, but we are going to focus mainly on these two methods. Short notes for other authentication methods will be released soon.
1. Cookie Session
Cookie sessions are one of the conventional methods. The mechanism begins when a user fills out their credentials and submits them to the server. The server validates them and, if they are valid, creates a session in the database and responds with a session id. The browser saves the session id in the cookie jar, the place where it stores key-value pairs. The id is then sent back to the server as the key on every subsequent request, and if all goes right, the server responds with the appropriate data. The drawback is that you need to store session IDs in the database, and because most modern applications scale horizontally, this can be a huge pain.
2. Token Authentication
This approach solves the scaling issue. When the client submits its credentials, the server, instead of storing a session id, generates a JSON Web Token signed with a private key stored on the server. The token is sent back to the browser, where it is usually stored in local storage. For any request requiring authentication, the JSON Web Token is added to the Authorization header, prefixed by the word Bearer. The only thing the server has to do is validate the signature, which is more efficient than searching for tokens in the db. In the end, all you have to remember is that in session authentication the state is handled by the server, while with tokens it is handled on the client side. If you want to know more, you can give the MDN docs a visit.
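The server-side check described above, as an added example that is not from the original article: it issues a token at login and validates the Bearer header on later requests without any database lookup, rejecting tampered, wrong-algorithm and expired tokens. It assumes HS256 (an HMAC secret held only by the server) and uses only the Python standard library; `SECRET`, `issue_token` and `authenticate` are hypothetical names.

```python
import base64, hashlib, hmac, json, time
from typing import Optional

SECRET = b"constructed-demo-secret"  # assumption: HS256 key that never leaves the server

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue_token(user_id: str, ttl: int = 900, now: Optional[int] = None) -> str:
    """Called once, after the submitted credentials have been checked."""
    now = int(time.time()) if now is None else now
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64url(json.dumps({"sub": user_id, "exp": now + ttl}).encode())
    return f"{header}.{payload}.{b64url(sign(f'{header}.{payload}'))}"

def authenticate(authorization: str, now: Optional[int] = None) -> Optional[str]:
    """Return the user id for a valid 'Bearer <token>' header, else None."""
    now = int(time.time()) if now is None else now
    scheme, _, token = authorization.partition(" ")
    if scheme != "Bearer" or token.count(".") != 2:
        return None
    header_b64, payload_b64, sig_b64 = token.split(".")
    try:
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm on the server; the token must not choose it.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        # Constant-time comparison, so timing does not leak the signature.
        if not hmac.compare_digest(sign(f"{header_b64}.{payload_b64}"), b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    # A valid signature is not enough: the token must also be unexpired.
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims.get("sub")
```

Because the payload is only encoded, not encrypted, anything placed in it is readable by whoever holds the token.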
Top comments (3)
If you find my article informative, please consider sharing.
This is really nice, Alestor, keep it up!!
Thanks Bro!!