When we talk about session data, is that just the data that gets returned from the server? Is it a subset of all user data?
If you store actual session data related to the user inside the cookie, then the session data is that. It's not a great idea because if the cookie gets spoofed the third party will know information about your user.
If instead you only store the token (the VIP pass) in the cookie, the session data resides on the server and it will be used to populate the next HTML response (eg. Hi Max, access your profile) or any other response format the client ask for. That's when the info about the user gets sent back to the server.
You, in your application, decide what "user data" is. It could be just a name, it could be anything attached to a single user
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Your description is correct.
If you store actual session data related to the user inside the cookie, then the session data is that. It's not a great idea because if the cookie gets spoofed the third party will know information about your user.
If instead you only store the token (the VIP pass) in the cookie, the session data resides on the server and it will be used to populate the next HTML response (eg. Hi Max, access your profile) or any other response format the client ask for. That's when the info about the user gets sent back to the server.
You, in your application, decide what "user data" is. It could be just a name, it could be anything attached to a single user