@halitbatur
Created January 15, 2024 12:27
Auth

Using session cookies vs. JWT for authentication

  • Can you explain the steps that take place when a user signs in to a website?

  • Where is each kind of data stored: session data, cookie data, and JWT data?

  • Which technology is stateful and which is stateless, and what is the difference between the two?

  • What are the advantages and disadvantages of each of them in your opinion?

  • Overall which one would you prefer to use and why?

@MohamadSheikhAlshabab

Mohamad Sheikh Alshabab, Mohamad ms, Ahmad Jouma

q1 -
1- A user reaches a login page on a website they have previously created an account with.
2- The user provides their unique ID and key to verify their identity.
3- The login credentials are compared against the originals stored in the website’s server.
4- If they match, the user is authenticated and provided access to their account.


q2-

  • Session: is stored on the server.
  • Cookie: is stored on the client-side.
  • JWT: can be stored on the client-side or the server.

q3-

  • Session Cookies: STATEFUL

  • JWT ( JSON Web Tokens): STATELESS

  • Stateless is more scalable, simpler and doesn't store the data, while STATEFUL is the opposite.


q4-

  • Sessions: Sessions rely on server-side storage and are inherently stateful, which can be a drawback in modern microservices and distributed systems.
  • JWT: JWTs are stateless, which can be advantageous for scalability but challenging for scenarios requiring centralized session management.

q5- we prefer JWT for simplicity and scalability.

@leen-gh

leen-gh commented Jan 15, 2024

Team Members: Abdullah Alawad, Lujain Mansour, Lin

Q.1) 1- On the login page, using a POST request (form submission), the server extracts the entered username and password from the form data.
2- User Authentication:
The server checks if the entered username exists in the user database.
If the username is found, it compares the hashed version of the entered password with the stored hashed password for that user.

3-Session Creation:
If the authentication is successful, a session is created. In this example, the username is stored in the session using session object.

4-Redirect to for example: Dashboard (the selected page to redirect after logging in):
The user is then redirected to the /dashboard route.

5-Dashboard Route (/dashboard) and check Authentication:
The /dashboard route is defined to display the user's dashboard and it will check if the user is authenticated by verifying the presence of the 'username' in the session.

6-Display Dashboard or Redirect:
If authenticated, the server displays a welcome message on the dashboard. If not authenticated, the user is redirected back to the login page.

Q.2) Session and Cookie Data: Stored on the client side.
JWT Data (JSON Web Token) :
Primarily stored on the client side, but can also be stored on the server side. Session and cookie data are often used in traditional web applications; JWTs have become popular in modern.

Q.3) Stateful and stateless are terms often used to describe the behavior of computer systems, applications, or protocols.
Stateful technologies: A stateful system retains information about the current state of a user's interactions or the overall system's status; it is like TCP, which keeps tracking and storing past interactions and maintaining a state.
Stateless technologies: A stateless system does not store information about the state of a user's interactions or the overall system's status between requests; it is like HTTP, which treats each request independently without remembering past states. Stateful can offer context but may be resource-intensive, while stateless is simpler and more scalable but lacks context between interactions.

Q.4 Advantages of Stateful Systems:
Can offer a more user-friendly and personalized experience.
Simplifies certain aspects of application development.

Disadvantages of Stateful Systems:
Increased server overhead and potential scalability issues.
Dependency on server-side storage, which can be a single point of failure.

Advantages of Stateless Systems:
Improved scalability and performance due to reduced server-side storage requirements.
Easier to distribute requests across multiple servers (load balancing).

Disadvantages of Stateless Systems:
Some applications may find it challenging to implement certain features without session data.
Increased data transfer with each request, potentially impacting network performance.

Q.5) Choosing session cookies for simplicity and ease of use. Opt for JWTs for stateless, scalable applications, considering their versatility despite potential complexity. The decision hinges on your specific application requirements.
