@Kishimoto96
Forked from halitbatur/jwtAndCookies.md
Created May 11, 2023 12:54
cookies vs jwt for auth

Using Session Cookies vs. JWT for Authentication

Write your answers in the comments below:

  • Can you explain the steps that take place when a user signs in to a website?

  • Where are each of session/cookie and JWT data stored?

  • Which technology is stateful and which is stateless, and what is the difference between the two?

  • What are the advantages and disadvantages of each of them in your opinion?

  • Overall which one would you prefer to use and why?

@afrakucukaydin

Room members: @sheidanouri @cyberRasam @afrakucukaydin Harith Riyadh

1- The user navigates to the website and clicks on the "Sign In" button or link.
The website presents a login page where the user can enter their credentials, such as their username and password.
The user enters their credentials and clicks on the "Sign In" button.
The website verifies the user's credentials by checking them against a database or other source of authentication information.
If the credentials are valid, the website creates a session for the user, which is typically represented by a unique session ID or token. This session is used to keep track of the user's activity on the website, such as the pages they visit and the actions they take.
The website redirects the user to their account dashboard or a landing page for authenticated users.
The user can now access the features and functionality that are available to authenticated users, such as their account information, preferences, or the ability to perform certain actions on the website.

2- Session and cookie data are typically stored on the client-side, while JWT data is typically stored on the server-side. Session data is typically stored on the server, although some implementations may use client-side storage options such as cookies or local storage. In contrast, JWT data is typically stored on the server-side.

3- A stateful system maintains information about the current state of the user's session or interaction. This means that the system stores data about the user's previous interactions with the system and uses that information to make decisions about what to do next.
A stateless system does not maintain information about the user's previous interactions. Instead, each request that the user makes to the system contains all the information needed to process that request, and the system does not store any information about the user's session or interaction.

4- In stateful systems, the server maintains information about the user's session, which allows the system to provide personalized experiences and remember user preferences. However, this can also make the system more complex and harder to scale, as the server must store and manage state information for each user. In contrast, stateless systems are simpler and easier to scale, but may require additional effort to implement user-specific features and preferences.

5- Stateful systems maintain information about the user's session or interaction, while stateless systems do not. Each approach has its own benefits and drawbacks, and the choice between them depends on the specific requirements of the system and the needs of its users.

@motaz99

motaz99 commented May 11, 2023

@motaz99, @tareq, @rayan, @nour KRIMESH

    1. User submits login credentials
    2. Backend verifies user credentials
    3. Backend creates a session and stores session ID in a cookie
    4. Backend redirects user to dashboard/homepage
    5. For subsequent requests, browser includes session ID cookie in HTTP request headers
    6. Backend retrieves user's identity and information from session store/database using session ID
    7. When user logs out, backend destroys session by deleting session ID and associated data from session store/database and clearing session ID cookie from browser.

    1. Session data is stored on the server-side and identified through a session ID cookie on the client-side.
    2. Cookies are stored on the client-side and can hold login information, including session ID.
    3. JWT data is stored on the client-side, either in a cookie or local storage, and sent to the server with each request for authentication.

    1. Stateful technologies (like PHP, Ruby on Rails, and Django) maintain client-specific data on the server and use this data to process subsequent requests.
    2. Stateless technologies (like React and Vue) do not maintain any client-specific data on the server and treat each request as a new request.
