DEV Community

Ramu Ummadishetty
Ramu Ummadishetty

Posted on

1

Token vs Session Based Authentication

Session based authentication

  • In session based authentication server stores the user information and each users has a corresponding session ID to validate them.
  • Session based or token based authentication is a process that allows the server to handle multiple requests from the same user without asking the user to login again
  • When user log out server ends the session or invalidate the token and revokes the authentication

Most of the time this session ID and Token is shared to browser in form of HTTP cookie. For each request this cookie is included for validating the user

Token based Authentication

  • Token-based authentication system stores this info directly in some sort of token.
  • Using token server decodes it for user identity and it reduces the process of storing the session ID's

Token auth flow

  • Users login with their credentials.
  • Those credentials are provided to server for validation and if those are valid a signed token will be given to user
  • For each request and response this signed token is included for user identity
  • This token can be included in headers or cookies
  • Every time server upon validating the token shares the resources for user

Token security

  • Integrity of token is protected by signing the token and verifying its signature each time when it arrives at server
  • Server uses secret key to generate the special string for signing the token. If any user or third party tampers the token signature will be not valid

Check for JSON Web Tokens here

Image of Datadog

The Future of AI, LLMs, and Observability on Google Cloud

Datadog sat down with Google’s Director of AI to discuss the current and future states of AI, ML, and LLMs on Google Cloud. Discover 7 key insights for technical leaders, covering everything from upskilling teams to observability best practices

Learn More

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs