@Kishimoto96
Forked from halitbatur/jwtAndCookies.md
Created May 11, 2023 12:54
cookies vs jwt for auth

Using Session Cookies vs. JWT for Authentication

Write your answers in the comments below:

  • Can you explain the steps that take place when a user signs in to a website?

  • Where are each of session/cookie and JWT data stored?

  • Which technology is stateful and which is stateless, and what is the difference between the two?

  • What are the advantages and disadvantages of each of them in your opinion?

  • Overall which one would you prefer to use and why?

@motaz99

motaz99 commented May 11, 2023

@motaz99, @tareq, @rayan, @nour KRIMESH

    1. User submits login credentials.
    2. Backend verifies user credentials.
    3. Backend creates a session and stores the session ID in a cookie.
    4. Backend redirects the user to the dashboard/homepage.
    5. For subsequent requests, the browser includes the session ID cookie in the HTTP request headers.
    6. Backend retrieves the user's identity and information from the session store/database using the session ID.
    7. When the user logs out, the backend destroys the session by deleting the session ID and associated data from the session store/database and clearing the session ID cookie from the browser.

    1. Session data is stored on the server-side and identified through a session ID cookie on the client-side.
    2. Cookies are stored on the client-side and can hold login information, including the session ID.
    3. JWT data is stored on the client-side, either in a cookie or local storage, and sent to the server with each request for authentication.

    1. Stateful technologies (like PHP, Ruby on Rails, and Django) maintain client-specific data on the server and use this data to process subsequent requests.
    2. Stateless technologies (like React and Vue) do not maintain any client-specific data on the server and treat each request as a new request.
