Cookie-Based Authentication vs Token-Based Authentication


Cookies are small pieces of information that allow a website to recognize a user and their preferences.

Cookie-Based Authentication
Pass the credentials to the server
The server responds with a 'Set-Cookie' header
The cookie is added as a Response Cookie
// requires: import javax.servlet.http.Cookie;
Cookie cookie = new Cookie("cookie1", "xxx");
cookie.setMaxAge(60);       // sets expiration after one minute (the value is in seconds)
cookie.setSecure(true);     // declares the cookie may only be transmitted using a secure connection
cookie.setHttpOnly(true);   // prevents client-side scripts from accessing the cookie
response.addCookie(cookie); // set the attributes first, then add the cookie to the response

JSON Web Token (JWT) is an open standard for transmitting information securely between two parties.

[header].[payload].[signature]
eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiSm9lIENvZGVyIn0.5dlp7GmziL2QS06sZgK4mtaqv0_xX4oFUuTDh1zHK4U
Token-Based Authentication
Pass the user credentials
Pass the authorization code
Token as the response
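
The [header].[payload].[signature] token shown above can be taken apart in a few lines of Python. This is an added example, not code from the original article: it decodes the article's sample token without any key, which shows that the payload is encoded rather than encrypted, then signs and verifies an HS256 token. DEMO_SECRET and the function names are assumptions made for this example.

```python
import base64, hashlib, hmac, json

# Token copied from the article; its signing key is not given, so it is only decoded here.
ARTICLE_TOKEN = ("eyJhbGciOiJIUzI1NiJ9.eyJuYW1lIjoiSm9lIENvZGVyIn0."
                 "5dlp7GmziL2QS06sZgK4mtaqv0_xX4oFUuTDh1zHK4U")
DEMO_SECRET = b"constructed-demo-secret"  # assumption: sample key for this example only


def b64url_decode(part: str) -> bytes:
    # JWT uses unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def decode_unverified(token: str):
    """Return (header, payload) WITHOUT checking the signature: anyone can do this."""
    header, payload, _sig = token.split(".")
    return json.loads(b64url_decode(header)), json.loads(b64url_decode(payload))


def sign_hs256(payload: dict, secret: bytes) -> str:
    head = b64url_encode(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    body = b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    mac = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"


def verify_hs256(token: str, secret: bytes) -> dict:
    """Return the payload only if the token is a well-formed, correctly signed HS256 JWT."""
    try:
        head, body, sig = token.split(".")
        header = json.loads(b64url_decode(head))
        given = b64url_decode(sig)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the server; never let the token choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):  # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(b64url_decode(body))
```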
