Difference between cookies, session and tokens
So what are cookies, sessions, and tokens?
Most web servers use cookies to send the session-ID after you login.
So the server will store the session information in the database while you will only have the session id in a cookie, which is stored in the filesystem of your computer.
The session-ID is randomly generated and should be hard to guess. If you log out, the session will be deleted on the server, but also the server will instruct the browser to delete the cookie containing the session-ID.
Next time you request another page, your browser will automatically send a cookie containing your sessionId, which the server will check to see if it is valid.
An alternative to this is to store information on the client and to sign it. In this scenario, anyone holding the signature can quickly check if the data was manipulated or not. One way to do this is to use JSON Web Tokens or JWT tokens.
Let's now assume that you want to install an app on your phone, which can help you with your finances and keep track of your spendings. What you don't want to do is to give your username and password to this app, which was not created by your bank. This is when access tokens are being used to grant access to your data.
Technologies mentioned in this video:
JWT Tokens: https://jwt.io/
OAuth, OAuth2: https://oauth.net/
OpenId: https://openid.net/
___
___
// POSTMAN COMPLETE GUIDE ONLINE COURSE
👉 Want to learn more about Postman? Check my Postman online course.
Get it at a special price and help support this YouTube channel:
https://vdespa.com/courses/?q=YOUTUBE
___
// I HAVE A QUESTION!
I do my best to answer all comments here on YouTube but I cannot make any guarantees.
If you have a question, it is best to ask your question on the Postman User Group on Facebook or on the Postman Community (links below).
If you have purchased the Postman Online Course, please use the Q&A section or send me a message on Udemy.
Please do not email me or contact me on other channels as I might not be able to answer. Sorry!
___
// I HAVE A VIDEO IDEA
Do you want me to create a video on a specific topic? Just fill out the form below:
https://forms.gle/uWEzXFQ2viJtZtvZ7
___
// P L A Y L I S T S
▸ Learn Postman | http://bit.ly/2CFaf70
▸ Postman Crash Course | http://bit.ly/2YwEBBT
▸ Postman Tips & Tricks | http://bit.ly/2JLkXyU
___
// F R E E R E S O U R C E S
▸▸▸ DOWNLOAD the FREE Postman Quick Reference Guide
http://bit.ly/postman-quick-reference-yt
▸▸▸ JOIN the Postman User Group on Facebook
http://bit.ly/2OutAMZ
▸▸▸ The OFFICIAL Postman community forum
https://community.getpostman.com/
▸▸▸ 👉 Subscribe to the "Testing and automation with Valentine" newsletter for bi-weekly tutorials, tips, and news from the industry.
http://eepurl.com/gPwpU1
___
// YOUR SUPPORT ON PATREON MATTERS
If you enjoy this content, help me create more like this. Consider supporting me on Patreon.
https://patreon.com/vdespa
___
// IMPRINT
http://vdespa.com/imprint
---
Видео Difference between cookies, session and tokens канала Valentin Despa
Most web servers use cookies to send the session-ID after you login.
So the server will store the session information in the database while you will only have the session id in a cookie, which is stored in the filesystem of your computer.
The session-ID is randomly generated and should be hard to guess. If you log out, the session will be deleted on the server, but also the server will instruct the browser to delete the cookie containing the session-ID.
Next time you request another page, your browser will automatically send a cookie containing your sessionId, which the server will check to see if it is valid.
An alternative to this is to store information on the client and to sign it. In this scenario, anyone holding the signature can quickly check if the data was manipulated or not. One way to do this is to use JSON Web Tokens or JWT tokens.
Let's now assume that you want to install an app on your phone, which can help you with your finances and keep track of your spendings. What you don't want to do is to give your username and password to this app, which was not created by your bank. This is when access tokens are being used to grant access to your data.
Technologies mentioned in this video:
JWT Tokens: https://jwt.io/
OAuth, OAuth2: https://oauth.net/
OpenId: https://openid.net/
___
___
// POSTMAN COMPLETE GUIDE ONLINE COURSE
👉 Want to learn more about Postman? Check my Postman online course.
Get it at a special price and help support this YouTube channel:
https://vdespa.com/courses/?q=YOUTUBE
___
// I HAVE A QUESTION!
I do my best to answer all comments here on YouTube but I cannot make any guarantees.
If you have a question, it is best to ask your question on the Postman User Group on Facebook or on the Postman Community (links below).
If you have purchased the Postman Online Course, please use the Q&A section or send me a message on Udemy.
Please do not email me or contact me on other channels as I might not be able to answer. Sorry!
___
// I HAVE A VIDEO IDEA
Do you want me to create a video on a specific topic? Just fill out the form below:
https://forms.gle/uWEzXFQ2viJtZtvZ7
___
// P L A Y L I S T S
▸ Learn Postman | http://bit.ly/2CFaf70
▸ Postman Crash Course | http://bit.ly/2YwEBBT
▸ Postman Tips & Tricks | http://bit.ly/2JLkXyU
___
// F R E E R E S O U R C E S
▸▸▸ DOWNLOAD the FREE Postman Quick Reference Guide
http://bit.ly/postman-quick-reference-yt
▸▸▸ JOIN the Postman User Group on Facebook
http://bit.ly/2OutAMZ
▸▸▸ The OFFICIAL Postman community forum
https://community.getpostman.com/
▸▸▸ 👉 Subscribe to the "Testing and automation with Valentine" newsletter for bi-weekly tutorials, tips, and news from the industry.
http://eepurl.com/gPwpU1
___
// YOUR SUPPORT ON PATREON MATTERS
If you enjoy this content, help me create more like this. Consider supporting me on Patreon.
https://patreon.com/vdespa
___
// IMPRINT
http://vdespa.com/imprint
---
Видео Difference between cookies, session and tokens канала Valentin Despa
Показать
Комментарии отсутствуют
Информация о видео
Другие видео канала
Authentication on the Web (Sessions, Cookies, JWT, localStorage, and more)
What is JWT authorization really about - Java Brains
SSL, TLS, HTTP, HTTPS Explained
OAuth 2.0 and OpenID Connect (in plain English)
Cookie Stealing - Computerphile
Sessions & Cookies
cookies vs localStorage vs sessionStorage - Beau teaches JavaScript
HTTP Cookies Crash Course
How cookies can track you (Simply Explained)
How does HTTPS work? What's a CA? What's a self-signed Certificate?
Everything You Ever Wanted to Know About Authentication
JavaScript Cookies vs Local Storage vs Session
What Are Cookies? And How They Work | Explained for Beginners!
What Is JWT and Why Should You Use JWT
An Illustrated Guide to OAuth and OpenID Connect
Cross-Site Request Forgery Attack
How Session and Cookies Works in PHP
What is REST API? | Web Service
How exactly the Sessions and Cookies work? || Session Management || Spring MVC || @SessionAttributes
HTTP Crash Course & Exploration