DEV Community

Ashar

Backend Authentication

Authentication Types and How They Work

There are two main ways to handle authentication on the backend: stateful and stateless.

**Stateful Authentication:**

What it does: Stateful authentication keeps track of users' login status on the server.

How it works:

- When you log in, the server creates a special ID for you and remembers it along with your details.
- Each time you visit a page, you send this ID to the server to prove you're logged in.
- When you log out, the server deletes this ID, kicking you out.

Good things about it:

- It's good for banking apps or other secure places because it can control how long you stay logged in.
- It's easy for the server to kick out troublemakers by deleting their ID.

Not-so-good things:

- It can get tricky to handle lots of people logging in and out, especially on big websites.
- Sometimes, if the server messes up, you might get logged out for no reason.

**Stateless Authentication:**

What it does: Stateless authentication doesn't keep track of your login status on the server.

How it works:

- When you log in, the server gives you a special code called a token.
- You keep this token and show it to the server whenever you need to do something.
- The server checks the token to make sure it's real and lets you in.

Good things about it:

- It's good for websites that need to handle lots of people at once because it's simpler for the server.
- It's easy to use with newer kinds of server setups.

Not-so-good things:

- You have to be careful with your token because if someone steals it, they can pretend to be you.
- Sometimes, it can be hard to keep track of who's logged in because the server doesn't remember.
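
Both flows described above, side by side, as an added example that is not part of the original post. It shows that deleting a session ID logs the user out at once, while a signed token stays valid until it expires. The function names, the in-memory session store and the HMAC-signed token format are assumptions made for this demo.

```python
import base64, hashlib, hmac, json, secrets, time

# --- Stateful: the server remembers every session ID it issued ---
SESSIONS = {}  # session_id -> user details (in-memory store, demo only)

def stateful_login(user):
    sid = secrets.token_urlsafe(32)      # unguessable random ID
    SESSIONS[sid] = {"user": user}
    return sid

def stateful_check(sid):
    entry = SESSIONS.get(sid)
    return entry["user"] if entry else None

def stateful_logout(sid):
    SESSIONS.pop(sid, None)              # deleting the ID ends the session at once

# --- Stateless: the server keeps only a signing key, not the tokens ---
KEY = secrets.token_bytes(32)            # demo key, generated per process

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def issue_token(user, ttl=900, now=None):
    now = time.time() if now is None else now
    body = b64(json.dumps({"user": user, "exp": now + ttl}).encode())
    sig = b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
    return body + "." + sig

def check_token(token, now=None):
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = b64(hmac.new(KEY, body.encode(), hashlib.sha256).digest())
        if not hmac.compare_digest(sig, expected):   # constant-time compare
            return None                              # forged or altered token
        claims = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError):
        return None                                  # malformed token
    return claims["user"] if claims["exp"] > now else None

if __name__ == "__main__":
    sid = stateful_login("alice")
    stateful_logout(sid)
    print(stateful_check(sid))           # session is gone immediately
    tok = issue_token("alice")
    print(check_token(tok))              # still accepted until it expires
```

A short token lifetime limits how long a stolen token is useful, since the server in this design has no record it could delete.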
