User identification
Jorik_Wa, 2017-12-05 09:44:03

What exactly is stored in authentication cookies?

What exactly is stored in authentication cookies - the secret authentication token itself or some not-so-secret token, like a "pre"-token, which is already being compared on the server with a real, secret token?
Or are these 2 methods actually the same thing?
I mean session based authentication. Token = secret id, hash, string - whatever.


1 answer(s)
Vladimir Dubrovin, 2017-12-05
@z3apa3a

Cookies are used for organizing the session and not for authentication per se, i.e. cookies allow you to match the request and the session for which authentication has already passed, so tokens used in authorization (for example, OAuth) are not stored in cookies.
Another question is exactly how session data and cookies are compared; there can be several approaches:
1. Session data is stored on the server side; cookies are used as a key by which it is obtained, for example, from a database.
2. Session data is stored in the cookie itself, encrypted with the server's key; this avoids storing data on the server side.
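
The two approaches listed in the answer above, sketched side by side as an added example (not code from the answer's author). All names here (`SERVER_KEY`, `SESSIONS`, the function names) are hypothetical. The Python standard library has no authenticated cipher, so approach 2 is shown with an HMAC-SHA256 tag instead of encryption: the client can read the payload but cannot alter it undetected.

```python
import base64, hashlib, hmac, json, secrets, time

SERVER_KEY = secrets.token_bytes(32)  # hypothetical server-only secret, never sent to clients
SESSIONS = {}                         # approach 1 store; stands in for a database table

def create_server_session(user, ttl=3600):
    """Approach 1: the cookie is only a random lookup key; the data stays on the server."""
    sid = secrets.token_urlsafe(32)   # unguessable and meaningless on its own
    SESSIONS[sid] = {"user": user, "exp": time.time() + ttl}
    return sid

def load_server_session(cookie):
    data = SESSIONS.get(cookie)
    if data is None or data["exp"] < time.time():
        SESSIONS.pop(cookie, None)    # unknown or expired: drop and reject
        return None
    return data

def destroy_server_session(cookie):
    # Logout or revocation takes effect immediately because the server owns the state.
    SESSIONS.pop(cookie, None)

def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode()

def create_cookie_session(user, ttl=3600):
    """Approach 2: the cookie carries the data; the server keeps only its key."""
    payload = json.dumps({"user": user, "exp": time.time() + ttl}).encode()
    tag = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)

def load_cookie_session(cookie):
    try:
        p64, t64 = cookie.split(".")
        payload = base64.urlsafe_b64decode(p64)
        tag = base64.urlsafe_b64decode(t64)
    except ValueError:                # wrong shape or invalid base64
        return None
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None                   # payload was not produced with the server key
    data = json.loads(payload)
    return data if data["exp"] >= time.time() else None
```

With approach 2 there is nothing on the server to delete, so a cookie stays valid until its embedded expiry unless the key is rotated or a separate revocation list is kept.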
