One Pager Cheat Sheet

  • Authentication is the process of exchanging user credentials for a unique identification, and this tutorial will compare two of the most commonly used authentication types and list their pros and cons.
  • Cookie-based authentication uses a session cookie stored by the browser to verify and maintain a user session over the stateless HTTP protocol.
  • Cookie-based authentication uses HTTP cookies to maintain session information and authenticate client requests over the stateless HTTP protocol, utilizing the Set-Cookie response header to remember user information.
  • Cookie-based authentication provides fully automated and stateful convenience, but can be susceptible to certain security risks if not used appropriately.
  • Cookie-based authentication makes the application stateful, which enables personalization and access control, but its main disadvantage is that it leaves the application vulnerable to CSRF attacks.
  • Token-based authentication utilizing JWT (JSON Web Token) involves four steps including creating an encrypted token, adding it as an authorization header, decoding the token via jwt.io, and verifying its signature.
  • JWT is the most popular and widely used type of token authentication because it transmits data securely, is self-contained, and is easy to use, flexible, and secure.
  • Token-based authentication can provide a stateless, scalable and decoupled authentication solution that can carry additional data and is mobile-ready; however, it can be susceptible to XSS attacks, token size can become an issue, and a token cannot be used to authenticate a user in the background on the server.
  • JWT stands for JSON Web Token and is an open standard that enables the secure transmission of valid JSON data, allowing for the inclusion of customized data in the token itself.
  • We can choose between cookie-based and token-based authentication depending on whether we need personalized user profiles, analytics tracking, or support for different domains and platforms.
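The four token-based steps listed above (create the token, send it in the Authorization header, decode it, verify its signature) as an added, self-contained example that is not part of the original tutorial. It uses only the Python standard library, signs the token with HMAC-SHA256 (the HS256 algorithm, which is a signature rather than encryption), and the secret and claims are constructed for the demo.

```python
import base64, hashlib, hmac, json, time

# Constructed demo secret; a real service loads it from a secret store, never from source.
SECRET = b"example-hmac-secret-do-not-reuse"

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def create_token(claims: dict, secret: bytes = SECRET) -> str:
    """Step 1: compact JWT 'header.payload.signature', signed with HMAC-SHA256 (HS256)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode()) + "."
                     + _b64url(json.dumps(claims, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def authorization_header(token: str) -> dict:
    """Step 2: the client presents the token as a bearer credential on each request."""
    return {"Authorization": "Bearer " + token}

def verify_request(headers: dict, secret: bytes = SECRET, now=None):
    """Steps 3-4: decode the token, then verify signature and expiry.
    Returns the claims on success, None on any failure (no partial trust)."""
    auth = headers.get("Authorization", "")
    if not auth.startswith("Bearer "):
        return None
    parts = auth[len("Bearer "):].split(".")
    if len(parts) != 3:
        return None
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, TypeError):
        return None
    # Pin the algorithm server-side; the token's own "alg" field must not pick the check.
    if header.get("alg") != "HS256":
        return None
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode(), hashlib.sha256).digest()
    # Constant-time comparison so a wrong signature is rejected without leaking timing.
    if not hmac.compare_digest(expected, sig):
        return None
    if "exp" in claims and (time.time() if now is None else now) >= claims["exp"]:
        return None
    return claims
```

The `now` parameter exists only so the expiry check can be exercised offline; in production leave it unset so the server clock is used.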