DEV Community

Discussion on: What dev topic do you think you should understand, but don't?

Max Pekarsky • Edited

Thank you so much! This was a seriously fantastic explanation at just the right level of complexity. I'm going to go over it a couple of times when I get home from work, but here's the ELI5 version, if I understand correctly: a cookie is a special HTTP request header that contains a secret string and acts like a sort of VIP pass. Every time we send a request to the server, as long as the cookie hasn't expired yet, this "pass" is shown to the server, which grants us user data without having to supply user authentication info.

When we talk about session data, is that just the data that gets returned from the server? Is it a subset of all user data?

rhymes • Edited

Your description is correct.

> When we talk about session data, is that just the data that gets returned from the server? Is it a subset of all user data?

If you store actual session data related to the user inside the cookie, then the session data is that. It's not a great idea because, if the cookie gets spoofed, the third party will know information about your user.

If instead you only store the token (the VIP pass) in the cookie, the session data resides on the server and it will be used to populate the next HTML response (e.g. Hi Max, access your profile) or any other response format the client asks for. That's when the info about the user gets sent back to the server.

You, in your application, decide what "user data" is. It could be just a name, it could be anything attached to a single user.
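The token-in-cookie design rhymes describes, written out as an added example that is not part of the thread: the cookie carries only an unguessable token, the user's data lives in a server-side store, and the next response is rendered from that data. It uses only the Python standard library; `SESSION_TTL` and the in-memory `SESSIONS` dict are constructed stand-ins for a real session store.

```python
import html
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 3600  # seconds a session stays valid (constructed value)

# Server-side session store: token -> (expiry timestamp, session data).
# Only the opaque token ever travels in the cookie; the data stays here.
SESSIONS = {}

def create_session(user_data, now=None):
    """Log a user in: keep their data server-side, return the Set-Cookie value."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # the unguessable "VIP pass"
    SESSIONS[token] = (now + SESSION_TTL, dict(user_data))
    # HttpOnly keeps page scripts from reading the pass; Secure limits it to HTTPS.
    return f"session={token}; Max-Age={SESSION_TTL}; Path=/; HttpOnly; Secure; SameSite=Lax"

def load_session(cookie_header, now=None):
    """Return the session data named by the request's Cookie header, or None."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("session")
    if morsel is None:
        return None
    entry = SESSIONS.get(morsel.value)
    if entry is None:
        return None  # unknown or forged token: nothing to decode, nothing leaks
    expires_at, data = entry
    if now >= expires_at:
        del SESSIONS[morsel.value]  # expired pass is dropped on the server side
        return None
    return data

def render_greeting(cookie_header, now=None):
    """Populate the HTML response from server-side session data, as in the thread."""
    data = load_session(cookie_header, now)
    if data is None:
        return "<p>Please log in.</p>"
    return f"<p>Hi {html.escape(data['name'])}, access your profile</p>"
```

A forged or expired cookie yields the same anonymous page, so the client never learns whether a token value was close to a real one.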