Cookie-Based Authentication vs Token-Based Authentication

Cookies are small pieces of information that allow a website to recognize a user and their preferences.

Cookie-Based Authentication
The client passes the credentials to the server
The server responds with a ‘Set-Cookie’ header
The cookie is added as a response cookie
import javax.servlet.http.Cookie; // jakarta.servlet.http.Cookie on Jakarta EE 9+

Cookie cookie = new Cookie("cookie1", "xxx");
cookie.setMaxAge(60);       // sets expiration after one minute (60 seconds)
cookie.setSecure(true);     // declares the cookie may only be transmitted using a secure connection
cookie.setHttpOnly(true);   // prevents client-side scripts from accessing the cookie
response.addCookie(cookie); // response is the HttpServletResponse; this sends the Set-Cookie header

JSON Web Token (JWT) is an open standard for transmitting information securely between two parties.

Token-Based Authentication
Pass the user credentials
Pass the authorization code
Token as the response
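
The token flow above as an added example (not code from the original article): the server issues an HS256-signed JWT after the credentials check and verifies it on each later request, using only the JDK. The class and method names, the demo key, the user "alice" and the sub/exp claims are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

public class TokenDemo { // hypothetical class name
    private static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    private static final Base64.Decoder DEC = Base64.getUrlDecoder();
    private static final Pattern EXP = Pattern.compile("\"exp\":(\\d+)");

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.US_ASCII));
    }

    // After the credentials check: build header.payload.signature ("Token as the response").
    // user is assumed to need no JSON escaping; production code uses a JSON library.
    static String issue(byte[] key, String user, long ttlSeconds) throws Exception {
        long exp = System.currentTimeMillis() / 1000 + ttlSeconds;
        String header = "{\"alg\":\"HS256\",\"typ\":\"JWT\"}";
        String payload = "{\"sub\":\"" + user + "\",\"exp\":" + exp + "}";
        String signingInput = ENC.encodeToString(header.getBytes(StandardCharsets.UTF_8))
                + "." + ENC.encodeToString(payload.getBytes(StandardCharsets.UTF_8));
        return signingInput + "." + ENC.encodeToString(hmac(key, signingInput));
    }

    // On each later request: check the signature first, then the expiry claim.
    static boolean verify(byte[] key, String token) throws Exception {
        String[] p = token.split("\\.");
        if (p.length != 3) return false;
        byte[] sig;
        try { sig = DEC.decode(p[2]); } catch (IllegalArgumentException e) { return false; }
        // Constant-time compare; the algorithm is fixed to HS256, never taken from the token.
        if (!MessageDigest.isEqual(hmac(key, p[0] + "." + p[1]), sig)) return false;
        Matcher m = EXP.matcher(new String(DEC.decode(p[1]), StandardCharsets.UTF_8));
        return m.find() && Long.parseLong(m.group(1)) > System.currentTimeMillis() / 1000;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key-not-for-production".getBytes(StandardCharsets.UTF_8);
        String token = issue(key, "alice", 60); // constructed user, 60-second lifetime
        System.out.println("valid:    " + verify(key, token));
        System.out.println("tampered: " + verify(key, token.replaceFirst("\\.", "A.")));
        System.out.println("expired:  " + verify(key, issue(key, "alice", -1)));
    }
}
```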


