Answer the question
In order to leave comments, you need to log in
J
J
Jorik_Wa2017-12-05 09:44:03
Jorik_Wa, 2017-12-05 09:44:03
What exactly is stored in authentication cookies?
What exactly is stored in authentication cookies - the secret authentication token itself or some not-so-secret token , like a "pre"-token, which is already being compared on the server with a real , secret token?
Or are these 2 methods actually the same thing?
I mean session based authentication. Token = secret id, hash, string - whatever.
1 answer(s)
@z3apa3a
V
Vladimir Dubrovin, 2017-12-05 @z3apa3a
Cookies are used for organizing the session and not for authentication per se, i.e. cookies allow you to match the request and the session for which authentication has already passed, so tokens used in authorization (for example, OAuth) are not stored in cookies.
Another question is exactly how session data and cookies are compared, there can be several approaches:
1. Session data is stored on the server side, cookies are used as a key by which they are obtained, for example, from a database.
2. Session data is stored in the cookie itself, encrypted with the server's key, this avoids storing data on the server side.
Similar questions
M
M
A
A
V
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question