Understanding these backstage maneuvers helps us build secure, seamless experiences.
Session: A session is a way to store information about a user's interaction with a web application across multiple requests. When you log into a website, a session is created on the server to keep track of your login status. The server identifies you through a unique session ID, usually stored in a cookie on your browser.
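As an added illustration (not part of the original post), the following Python sketch shows what the server side of a cookie session looks like: the browser only ever receives an opaque, unguessable session ID, while the user identity, idle timeout and revocation all live on the server. The class and function names, the 30-minute timeout and the cookie attributes are assumptions for the example.

```python
import secrets
import time

# Assumed idle timeout; a real application picks this per its risk profile.
SESSION_TTL_SECONDS = 30 * 60


class SessionStore:
    """In-memory, server-side session store keyed by an unguessable session ID.

    The ID carries no meaning on its own; everything about the user is looked up
    here, which is what lets the server expire or revoke a login at any time.
    """

    def __init__(self, ttl=SESSION_TTL_SECONDS, clock=time.time):
        self._sessions = {}      # session_id -> {"user_id": ..., "last_seen": ...}
        self._ttl = ttl
        self._clock = clock      # injectable so tests can control time

    def create(self, user_id):
        # 32 random bytes from the OS CSPRNG; never derive the ID from user data.
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = {"user_id": user_id, "last_seen": self._clock()}
        return session_id

    def lookup(self, session_id):
        """Return the user bound to this ID, or None if unknown or idle too long."""
        record = self._sessions.get(session_id)
        if record is None:
            return None
        now = self._clock()
        if now - record["last_seen"] > self._ttl:
            del self._sessions[session_id]   # expired: forget it server-side
            return None
        record["last_seen"] = now            # sliding idle timeout
        return record["user_id"]

    def destroy(self, session_id):
        """Logout: dropping the record invalidates the cookie immediately."""
        self._sessions.pop(session_id, None)


def set_cookie_header(session_id):
    # HttpOnly keeps scripts away from the ID, Secure restricts it to HTTPS,
    # SameSite=Lax limits cross-site sending. Attribute choice is an assumption.
    return f"Set-Cookie: sid={session_id}; Path=/; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    print(set_cookie_header(sid))
    print("lookup:", store.lookup(sid))
    store.destroy(sid)
    print("after logout:", store.lookup(sid))
```

The point to notice is that the browser-side cookie is only a pointer; the server remains the single source of truth for who is logged in.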
rohit
Tokens: Tokens are used to manage user sessions as well, but they are a bit different from session IDs. A token is a string of characters that is passed between the client and the server to verify a user's identity and permissions. Tokens are often used in APIs (Application Programming Interfaces) to allow authenticated users to access certain resources.
JWT (JSON Web Tokens): JWTs are a type of token made of JSON objects that carry a user's information and are signed so the server can detect tampering. They are self-contained, meaning they hold all the necessary information about a user, so the server doesn't need to keep a session store. This is especially useful in distributed systems where an application needs to scale without sharing session information across multiple servers.
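To make the "self-contained and signed" idea concrete, here is an added example (not from the original post and not a production JWT library) that builds and verifies an HS256 JWT with only the Python standard library. It shows the three dot-separated parts, that any change to the payload breaks the signature, and the two checks a verifier must do beyond the signature: pin the expected algorithm instead of trusting the token's own header, and enforce expiry. The secret, claim names other than the standard `iat`/`exp`, and the 15-minute default lifetime are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional


def _b64url_encode(data: bytes) -> str:
    # JWT uses base64url without padding.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    padding = "=" * (-len(text) % 4)
    return base64.urlsafe_b64decode(text + padding)


def sign_jwt(claims: dict, secret: bytes, ttl_seconds: int = 900, now: Optional[int] = None) -> str:
    """Return header.payload.signature for an HS256 token with iat/exp claims."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl_seconds)
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_jwt(token: str, secret: bytes, now: Optional[int] = None) -> Optional[dict]:
    """Return the claims if the token is well-formed, HS256-signed with `secret`
    and not expired; otherwise None. Payload is only parsed after the signature
    check succeeds."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: the verifier decides, never the token's header.
        if header.get("alg") != "HS256":
            return None
        expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        # Constant-time comparison avoids leaking how many bytes matched.
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            return None
        payload = json.loads(_b64url_decode(payload_b64))
    except (ValueError, TypeError):
        return None
    # A token without exp, or past it, is rejected: self-contained tokens cannot
    # be revoked server-side, so short lifetimes are the main control.
    exp = payload.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return None
    return payload


if __name__ == "__main__":
    key = b"assumed-demo-secret"  # constructed for the example
    tok = sign_jwt({"sub": "alice", "role": "user"}, key)
    print(tok)
    print("valid:", verify_jwt(tok, key))
    print("wrong key:", verify_jwt(tok, b"other"))
```

Because the server keeps no record of issued tokens, a stolen JWT stays usable until `exp`; that trade-off is why JWT lifetimes are kept short and why a verifier must never skip the expiry check.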
SSO (Single Sign-On): SSO is a user authentication process that allows a user to access multiple applications with one set of login credentials. For example, if you log in to your company's system, you can access various internal applications without needing to log in separately for each one. This is convenient for users and reduces the number of passwords they need to remember.
OAuth: OAuth is an open standard for access delegation. It allows you to give permission to third-party services to access your information on other services without exposing your password. For example, when a website allows you to log in using your Google account, it's using OAuth. Google confirms your identity and informs the website that it's okay to let you in without the website ever seeing your Google password.