DEV Community

Discussion on: What dev topic do you think you should understand, but don't?

 
rhymes profile image
rhymes • Edited

Your description is correct.

When we talk about session data, is that just the data that gets returned from the server? Is it a subset of all user data?

If you store actual session data related to the user inside the cookie, then the session data is that. It's not a great idea because if the cookie gets spoofed the third party will know information about your user.

If instead you only store the token (the VIP pass) in the cookie, the session data resides on the server and it will be used to populate the next HTML response (eg. Hi Max, access your profile) or any other response format the client ask for. That's when the info about the user gets sent back to the server.

You, in your application, decide what "user data" is. It could be just a name, it could be anything attached to a single user