Difference between cookies, session and tokens (re-upload, no music)
Vložit
- čas přidán 2. 06. 2024
- What are cookies, sessions, and tokens? Most web servers use cookies to send the session-ID after you log in.
🔻 Click on SHOW MORE 🔻
So the server will store the session information in the database while you will only have the session id in a cookie, which is stored in the filesystem of your computer.
Next time you request another page, your browser will automatically send a cookie containing your sessionId, which the server will check to see if it is valid.
The session-ID is randomly generated and should be hard to guess. If you log out, the session will be deleted on the server, but also the server will instruct the browser to delete the cookie containing the session-ID.
An alternative to this is to store information on the client and sign it. In this scenario, anyone holding the signature can quickly check if the data was manipulated or not. One way to do this is to use JSON Web Tokens (JWT tokens).
Let's now assume that you want to install an app on your phone, which can help you with your finances and keep track of your spendings. What you don't want to do is to give your username and password to this app, which was not created by your bank. This is when access tokens are being used to grant access to your data.
Technologies mentioned in this video:
JWT Tokens: jwt.io/
OAuth, OAuth2: oauth.net/
OpenId: openid.net/
#cookies #sessions #tokens
--
⭐️ Additional explanation ⭐️
[1] In the example shown, the user transitioned from a not-logged-in state (one session id) to a logged-in state (new session id). This is why you see two cookies. Make sure you check the HTTP requests for the Set-Cookie and Cookie headers.
[2] While both the Cookie/Set-Cookie and Authorization are headers, a browser will always treat the Cookie/Set-Cookie differently.
If this was helpful and you want to support me create more videos like this one, please consider subscribing.
👉 / @vdespa
--
⭐️ Video contents ⭐️
⌨️ 00:00 - Login example with cookies
⌨️ 05:26 - Recap: cookies and sessions
⌨️ 06:06 - Token-based authentication
⌨️ 09:20 - Difference between tokens vs session cookie
⌨️ 11:00 - Conclusion
--
⭐️ 💬 I have a question. ⭐️
I do my best to answer all comments here on CZcams but I cannot make any guarantees.
Please do not email me or contact me on other channels as I might not be able to answer. Sorry!
--
⭐️ 💡 I have a video idea ⭐️
Do you want me to create a video on a specific topic? Just fill out the form below:
forms.gle/uWEzXFQ2viJtZtvZ7
--
⭐️ 📩 Contact & Imprint ⭐️
👉 Follow me on Twitter:
/ vdespa
👉 Follow me on Medium:
/ vdespa
👉 Follow me on Facebook:
/ valentin-despa-1130381...
👉 Let's connect on LinkedIn:
/ vdespa
vdespa.com/imprint
Hey! Thank you very much for the content! Very clean and easy to get.
Glad it helped! You are welcome. Thank you for leaving a comment.
Thanks man!! when searched in youtube about cookies, it showed me your previous video(with music one). I see your were explaining very good, but I was very irritated with that music. I opened your channel and found this. Thank you very much. Please update the description of your previous video and mention the link of this video.
You are welcome. Thank you for leaving a comment.
THAT WAS SO ISUFULL FOR ME TO UNDERTAND AMONG SESSION , KOOKIE AND TOKEN .
Thank you so much.
Did you ever make the video that shows how to use session id with postman?
Great explanation. Very clear. Thanks man.
What happen if you connect from your computer using 2 different web navigators to the same web site ? Do you receive 2 cookies or the same ? And if it is 2, how are they stored on the web server ?
Thanks for your kind words. Typically they are two different sessions, so the cookies are not the same.
@@vdespa Thanks.
Could you explain how works the cookie stealing ? If a cookie is linked to a web navigator session how and from where an attacker can use the cookie he has stolen ?
Cool, thanks for your efforts 👌
Thanks for watching! You are welcome. Thank you for leaving a comment.
Thanks
You are welcome. Thank you for leaving a comment.
good
Thanks! Glad that you liked it.
thk u
You're welcome!
pls review the video. At 1:57
Thanks for reporting. I will look into this.