Definition

JSON Web Token (JWT) (RFC 7519) is a compact, URL-safe format for carrying signed (or encrypted) claims between two parties. Because the token itself carries the user's identity and expiry, and its signature proves that the server issued it, the server can authenticate a request without consulting any server-side session state: stateless authentication, not "server-less".

HTTP cookie authentication builds on the HTTP state management mechanism (RFC 6265). The server stores a small piece of state (a cookie, here a session ID) at the HTTP user agent, which sends it back with every request, letting the server maintain a stateful session over the otherwise stateless HTTP protocol.

Cookie-based Authentication

  1. Request with the session cookie attached is sent to the server.
  2. Server reads the Cookie header and extracts the session ID. The ID is an opaque random value, so there is normally nothing to decrypt; frameworks that sign or encrypt their cookies verify or decrypt them at this step.
  3. The server queries the session store (e.g., Redis) to check that the session exists and is still active.
    1. If it exists, the user and other info live in the store, not in the cookie: session_id_123456 => { user_id: 789, username: 'john_doe', ... }
  4. If authenticated, process the request.
  5. Otherwise return 401 Unauthorized, whether the session is missing, invalid or expired. (440 Login Time-out, sometimes cited for expiry, is a non-standard IIS status code, not a standard HTTP response.)
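The cookie flow above, as an added example that is not part of the original page. It uses a plain dict as a stand-in for the Redis session store and a fixed one-hour TTL; the function names, the `session_id` cookie name and the sample user record are assumptions for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 3600  # seconds a session stays valid after login (assumed policy)

# Constructed in-memory dict standing in for the Redis session store:
# session_id -> { user_id, username, expires_at }
SESSION_STORE = {}


def create_session(user_id, username, now=None):
    """Login succeeded: mint an opaque, unguessable session ID and record the user server-side."""
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # 256 bits of entropy; the cookie carries no user data
    SESSION_STORE[session_id] = {
        "user_id": user_id,
        "username": username,
        "expires_at": now + SESSION_TTL,
    }
    return session_id


def set_cookie_header(session_id):
    """Value of the Set-Cookie header returned with the login response. HttpOnly keeps scripts
    from reading the ID, Secure keeps it off plaintext HTTP, SameSite=Lax limits cross-site sends."""
    return "session_id=%s; Path=/; HttpOnly; Secure; SameSite=Lax" % session_id


def authenticate(cookie_header, now=None):
    """Steps 1-5 of the cookie flow for one request. `cookie_header` is the value of the
    request's Cookie header. Returns {"status": 200, "session": record} on success or
    {"status": 401, "reason": ...} on failure."""
    now = time.time() if now is None else now

    # Step 2: parse the Cookie header and pull out the session ID (opaque, nothing to decrypt).
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if "session_id" not in jar:
        return {"status": 401, "reason": "no session cookie"}
    session_id = jar["session_id"].value

    # Step 3: look the ID up in the session store; unknown IDs are rejected.
    record = SESSION_STORE.get(session_id)
    if record is None:
        return {"status": 401, "reason": "unknown session"}

    # Step 5: expired sessions are purged from the store and rejected with 401.
    if now >= record["expires_at"]:
        del SESSION_STORE[session_id]
        return {"status": 401, "reason": "session expired"}

    # Step 4: authenticated; the caller processes the request as this user.
    return {"status": 200, "session": record}


if __name__ == "__main__":
    sid = create_session(789, "john_doe")
    print(set_cookie_header(sid))
    print(authenticate("session_id=" + sid))
    print(authenticate("session_id=not-a-real-session"))
```

Note that revocation is trivial here: deleting the record from the store logs the user out immediately, which is the main operational advantage the session store buys over a self-contained token.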

JWT-based Authentication

  1. Request with the token attached (typically in an Authorization: Bearer header) is sent to the server.
  2. Server extracts the token and base64url-decodes its header and payload; a signed JWT (JWS) is not encrypted, so anyone holding it can read the claims. It then verifies the signature with the key for the algorithm the server expects, never the algorithm named in the token's own header, and checks the exp claim against the current time.
  3. If valid, process the request using the claims in the payload; no session store lookup is needed.
  4. Otherwise return 401 Unauthorized, for an expired token as well as a missing or tampered one.
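The JWT flow above, as an added example that is not part of the original page. It implements HS256 (HMAC-SHA256 over the base64url-encoded header and payload) directly with the standard library rather than a JWT library, so it runs offline; the shared secret, the `issue_token`/`verify_token` names and the sample claims are assumptions for illustration. The verifier pins the algorithm, compares the signature in constant time and rejects expired tokens, and the main block shows the forged-payload and alg=none cases being refused.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url_encode(data):
    # JWT uses base64url without padding (RFC 7515 section 2).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(secret, claims, ttl=900, now=None):
    """Server side after login: mint an HS256 JWT whose exp is ttl seconds from now."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = dict(claims, iat=now, exp=now + ttl)
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(payload, separators=(",", ":")).encode())
    )
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_token(secret, token, now=None):
    """Steps 2-4 of the JWT flow. Returns (200, claims) or (401, reason)."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        payload = json.loads(_b64url_decode(payload_b64))
        sig = _b64url_decode(sig_b64)
    except (ValueError, UnicodeDecodeError):  # covers binascii.Error and JSONDecodeError too
        return 401, "malformed"
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return 401, "malformed"

    # Pin the algorithm: the token's alg field must match what this server issues.
    # Trusting it would let a client pick "none" or swap to a weaker verifier.
    if header.get("alg") != "HS256":
        return 401, "unsupported alg"

    # Recompute the MAC over exactly the bytes the issuer signed and compare in constant time.
    expected = hmac.new(
        secret, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha256
    ).digest()
    if not hmac.compare_digest(sig, expected):
        return 401, "bad signature"

    # Only after the signature holds do the claims mean anything; enforce exp.
    exp = payload.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return 401, "expired"
    return 200, payload


if __name__ == "__main__":
    secret = b"constructed-demo-secret-do-not-reuse"
    token = issue_token(secret, {"sub": "789", "username": "john_doe"})
    print(token)
    print(verify_token(secret, token))

    # Forgery attempt: keep the header and signature, swap in an admin payload.
    h, _, s = token.split(".")
    forged = _b64url_encode(b'{"sub":"1","username":"admin","exp":9999999999}')
    print(verify_token(secret, h + "." + forged + "." + s))

    # alg=none attempt: unsigned token with an empty signature segment.
    none_header = _b64url_encode(b'{"alg":"none","typ":"JWT"}')
    print(verify_token(secret, none_header + "." + forged + "."))
```

Because nothing is looked up server-side, a stolen token stays valid until exp; keep lifetimes short and use a refresh mechanism or a server-side deny list if you need revocation before expiry.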