@halitbatur
Created June 2, 2022 09:11
cookies vs jwt for auth

Using session Cookie VS. JWT for Authentications

write your answers in the comments below:

  • Can you explain the steps that take place when a user signs in to a website?

  • Where are each of session/cookie and JWT data stored?

  • Which technology is stateful and which is stateless, and what is the difference between both?

  • What are the advantages and disadvantages of each of them in your opinion?

  • Overall which one would you prefer to use and why?

@khaldarov
khaldarov commented Jun 2, 2022

Sara Hamoud, Adnan Khaldar, Yaman Rajab

Can you explain the steps that take place when a user signs in to a website?

  • The users enter their credentials (information) on the website’s login form.
  • The credentials are then sent to the authentication server, with the password section hashed.
  • In case the credentials match the registered pair (the username and the password), the system will authenticate the users and grant them access to their accounts.
  • In case of no match, the users will get an error message or prompt asking them to check their info and try again.

Where are each of session/cookie and JWT data stored?

  • Session cookies are stored on the client side and contain the session ID; the session itself is stored on the server side.
  • JSON Web Tokens are stored on the client side.

Which technology is stateful and which is stateless, and what is the difference between both?

HTTP, DNS, and UDP use a stateless protocol. Stateless protocols:

  • do not require the server to retain the server information or session details,
  • have no tight dependency between server and client,
  • are easy to implement on the Internet.

FTP (File Transfer Protocol) and Telnet use a stateful protocol. Stateful protocols:

  • require the server to save the status and session information,
  • have a tight dependency between server and client,
  • are logically heavy to implement on the Internet.

What are the advantages and disadvantages of each of them in your opinion?

Stateless:

Advantages:

  • Does not require the server to retain information about the state.
  • Server design, implementation and architecture are simple.
  • Handles crashes well, as we can fail over to a completely new server, and servers are regarded as cheap commodity machines.
  • Scaling architecture is easy.

Disadvantages:

  • They may decrease network performance by increasing the repetitive data sent in a series of requests.

Stateful:

Advantages:

  • Stateful Protocols provide better performance to the client by keeping track of the connection information.

Disadvantages:

  • Requires the server to save information about a session.
  • Server design, implementation and architecture are complicated.
  • Does not handle crashes well.
  • Servers are considered pricey but long living.
  • The user would probably be logged out and have to start from the beginning.
  • Scaling architecture is difficult and complex.

Overall which one would you prefer to use and why?

Regarding the advantages of stateless and the disadvantages of stateful protocol, I would choose the stateless protocol.
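An added example (not part of the gist or of the comment above) contrasting the two storage models the questions ask about: a session cookie that carries only an opaque ID looked up in server-side state, and a signed token that carries its own claims. `SECRET`, `SESSIONS` and all function names are constructed for illustration, and the token is a hand-built HS256 JWT using only the Python standard library. Note that logout deletes the session record immediately, while the token has no server record to delete and stays valid until its `exp` claim passes.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = b"constructed-demo-key"   # constructed signing key, for this example only
SESSIONS = {}                      # server-side session store (the "state")

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# Stateful: the cookie holds only a random ID; the user data stays on the server.
def session_login(user: str) -> str:
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user}
    return sid                     # value the server would send in Set-Cookie

def session_user(sid: str):
    rec = SESSIONS.get(sid)
    return rec["user"] if rec else None

def session_logout(sid: str) -> None:
    SESSIONS.pop(sid, None)        # revocation takes effect immediately

# Stateless: the token carries the claims; the server keeps only the key.
def jwt_issue(user: str, ttl: int = 300, now=None) -> str:
    now = int(time.time()) if now is None else now
    head = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64u(json.dumps({"sub": user, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64u(sig)}"

def jwt_user(token: str, now=None):
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64u_dec(head)).get("alg") != "HS256":
            return None            # pin the algorithm instead of trusting the header
        good = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, b64u_dec(sig)):
            return None            # payload or signature was altered
        claims = json.loads(b64u_dec(body))
        return claims["sub"] if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None                # malformed token
```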
