Kevin Powell - Community
15mo ago
105 replies
Faker

Cookies, Sessions and Tokens

Hello guys, sorry to disturb you all; I'm trying to make sense of those terms but they are not that clear. From what I have understood:

- Cookies: Used to store some data like user preferences (like dark/light mode) - data persists even though the browser is closed because data is stored on the local machine; this has an expiry date.

- Session: Used to store data while the user is browsing; keeps track of what the user is doing such as logging in/shopping etc. (I'm still confused about that though, when we say keeping track of what the user is doing, this seems vague)

- Tokens: Tokens are used for authentication; this enables a user to stay logged in for an amount of time.

Can someone just have a look whether the statements are correct and add more to that if needed please... I also have some questions:

We say HTTP requests are stateless (meaning they don't remember anything); how do cookies/sessions/tokens handle that?

Also, I know we have refresh and access tokens; why do we have 2 tokens? On certain websites, like Facebook, if we log in and close the browser without signing out, it may happen that we stay logged in all the time unless we clear our history. Do tokens have a role to play here?

Last question, I also noticed two terms, authentication and authorisation; what is the difference here please; authentication is when the user logs in for the first time; what about authorisation? (Sorry for the long question, really need to understand that)
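
An added example, not part of the original post: a Python sketch of two common ways a server recognises a returning user over stateless HTTP, a server-side session keyed by a random id sent in a cookie, and a self-contained HMAC-signed token with an expiry. The function names, the in-memory `SESSIONS` store and the token layout are assumptions made for illustration, not any framework's API.

```python
import base64, hashlib, hmac, json, secrets, time
from http.cookies import SimpleCookie

SECRET = secrets.token_bytes(32)  # server-only signing key (constructed for this demo)
SESSIONS = {}                     # server-side store: session id -> session data

def login_with_session(user):
    """Stateful: the server keeps the data; the browser only gets a random id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user}
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["httponly"] = True   # not readable from page JavaScript
    cookie["sid"]["secure"] = True     # only sent over HTTPS
    cookie["sid"]["samesite"] = "Lax"  # limits cross-site sending
    return cookie["sid"].OutputString()  # value for the Set-Cookie response header

def user_from_cookie(cookie_header):
    """The browser resends the Cookie header on every request; look the id up again."""
    jar = SimpleCookie(cookie_header)
    sid = jar["sid"].value if "sid" in jar else None
    return SESSIONS.get(sid, {}).get("user")

def logout(cookie_header):
    """Deleting the server-side entry ends the session whatever the browser still holds."""
    jar = SimpleCookie(cookie_header)
    if "sid" in jar:
        SESSIONS.pop(jar["sid"].value, None)

def issue_token(user, ttl, now=None):
    """Stateless: the claims travel inside the token, protected by an HMAC signature."""
    now = time.time() if now is None else now
    claims = json.dumps({"sub": user, "exp": now + ttl}).encode()
    body = base64.urlsafe_b64encode(claims)
    sig = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + sig

def user_from_token(token, now=None):
    """Check the signature first, then the expiry; no server-side lookup is needed."""
    now = time.time() if now is None else now
    body, _, sig = token.partition(".")
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None  # forged or modified token
    claims = json.loads(base64.urlsafe_b64decode(body))
    return claims["sub"] if claims["exp"] > now else None
```

The session can be ended on the server at any moment, while the signed token stays valid until its `exp` time passes.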