Saturday, February 4, 2023
TechSansar.com • Nepal Information and Technology Navigator Website from Nepal

Session vs Token Authentication in Information Security

2 years ago
in Software

User authentication is a key concern for any modern web project. Beyond the web, authentication is used in almost every sector, such as banking and government. There are two main ways to authenticate users in web or mobile apps: sessions and tokens. In this explanatory article, we discuss why session and token authentication are needed and how each mechanism works.

Authentication is the process of verifying that users are who they claim to be. Let’s consider a simple example of ABC Bank before digging into session vs token authentication.

Authentication example where end-user attempts to login using username and password to the cloud-based backend of the banking service.

In the initial stage, the user is presented with the login screen, as shown on the left side of the image. When the user enters the login credentials, the request is handled by the backend service, which validates them against the database or cloud server.

The backend checks the authenticity of the login credentials and sends the response to the user. If the user is valid, a success response is sent and the user can access the services provided; otherwise, authentication is not granted and the user cannot access the system.

Once access is granted, a session is created in the database along with the login event, and the session-id is provided to the user in the form of a cookie.

Session – what is it?

A session is a way of authenticating a user without them having to type the username and password every time they access a part of the system that requires authentication.

The process begins with the user filling out their login credentials and submitting them to the server. The server validates them, creates a session in the database, and then responds with a session-id. The session-id is stored in the browser as a cookie, which is sent back to the server on each subsequent request.

The server then responds in the context of the currently signed-in, authenticated user. A stateful session exists between the client, the backend, and the server.
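
The session flow described above, as an added example that is not code from the original article: a minimal in-memory session store in Python. The user table, the cookie name `session_id` and the 30-minute lifetime are assumptions made for illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 1800  # seconds (constructed value)
USERS = {"alice": "correct horse"}  # constructed; real systems store password hashes
SESSIONS = {}  # session-id -> {"user", "expires"}: state the server must keep


def session_id_from(cookie_header):
    cookie = SimpleCookie()
    cookie.load(cookie_header)
    return cookie["session_id"].value if "session_id" in cookie else None


def login(username, password, now=None):
    """Check credentials, create a session, return the Set-Cookie header value."""
    now = time.time() if now is None else now
    stored = USERS.get(username, "")
    if not stored or not secrets.compare_digest(stored.encode(), password.encode()):
        return None
    sid = secrets.token_urlsafe(32)  # unguessable id; carries no user data
    SESSIONS[sid] = {"user": username, "expires": now + SESSION_TTL}
    cookie = SimpleCookie()
    cookie["session_id"] = sid
    cookie["session_id"]["httponly"] = True   # not readable by page scripts
    cookie["session_id"]["secure"] = True     # only sent over HTTPS
    cookie["session_id"]["samesite"] = "Lax"  # limits cross-site sends (CSRF)
    cookie["session_id"]["path"] = "/"
    return cookie["session_id"].OutputString()


def current_user(cookie_header, now=None):
    """Map the Cookie header of a later request to a user via the session store."""
    now = time.time() if now is None else now
    sid = session_id_from(cookie_header)
    session = SESSIONS.get(sid)
    if session is None:
        return None
    if session["expires"] <= now:
        del SESSIONS[sid]  # expired: drop the server-side record
        return None
    return session["user"]


def logout(cookie_header):
    """Delete the server-side record; the id left in the browser is now useless."""
    SESSIONS.pop(session_id_from(cookie_header), None)
```

Every request costs one lookup in `SESSIONS`, which is the server-side state the drawbacks below refer to; in return, `logout` revokes access immediately.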

Session-Based Authentication flow

Mechanism of Session Based Authentication flow

Example of Session Management

Let’s take the example of Facebook. Initially, we need to type in our username and password to get into the website or mobile app to confirm that we are the owner of the account.

If there were no session management, imagine how annoying it would be to type in the username and password for every little thing, such as uploading a picture, commenting, liking, and so on. Without a session management system this would be necessary, because Facebook wants to confirm that you are the account owner before doing those little things.

With the presence of session-id, Facebook knows the account belongs to us and thus lets us perform those operations without that login stuff.

Drawbacks of session-based authentication
  • For every authentication, the server creates a new session and stores it on the server. With an excessive number of users, this puts a heavy load on the server.
  • As the session is stored in server memory, it creates a problem with scalability.
  • Vulnerable to CSRF (Cross-site request forgery) attacks, because the browser attaches the session cookie to requests automatically.

Token – what is it?

Token-based authentication is one of the better ways to verify users safely and securely. When the user enters the login credentials, the server creates a token (a JSON Web Token, JWT), which is signed with the private key on the server.

Once created, the token is passed back to the browser and stored in local storage, which reduces the load on the server. Whenever a request to the server requires authentication, the JWT is added to the Authorization header after a prefix.

The signed token in the header is used for validation on each request to the server. The server then only needs to validate the signature of the token in the header. This is more robust when dealing with a distributed system in the cloud.

Token-Based Authentication flow

Mechanism of Token based authentication flow

Pros of Token-Based Authentication
  • Tokens contain all the information necessary for validation. From a scalability point of view this is great, as it doesn’t load the server and no verification data needs to be stored on the server.
  • Less risk of CSRF (Cross-site request forgery) attack.
  • We can transfer information between parties more conveniently and securely.
A basic example of JSON Web Token

jwt example

The encoded JWT value is presented on the left side of the image. The encoded value consists of several components: header, payload, and signature. The payload can carry information about the user, such as their roles and access rights.

With a modern programming framework, working with JSON Web Tokens becomes more efficient and more secure.
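
An added example (not from the original article) of the token flow and the header/payload/signature structure described above. It uses HMAC-SHA256 (HS256) with a server-held secret from Python's standard library rather than the private-key signature the article mentions; the secret, claim names and lifetime are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-demo-secret"  # constructed; real keys never live in source


def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign(signing_input):
    return b64url(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())


def issue_token(user, role, ttl=900, now=None):
    """Build header.payload.signature; nothing is stored on the server."""
    now = int(time.time() if now is None else now)
    parts = ({"alg": "HS256", "typ": "JWT"},
             {"sub": user, "role": role, "iat": now, "exp": now + ttl})
    signing_input = ".".join(b64url(json.dumps(p).encode()) for p in parts)
    return signing_input + "." + sign(signing_input)


def verify_token(token, now=None):
    """Return the claims if signature and expiry check out, else None."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        good_sig = hmac.compare_digest(sign(header_b64 + "." + payload_b64), sig_b64)
        if header.get("alg") != "HS256" or not good_sig:  # alg is pinned by the server
            return None
        claims = json.loads(b64url_decode(payload_b64))
        return claims if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None


def authenticate(headers, now=None):
    """Handle a request carrying 'Authorization: Bearer <jwt>'; no session lookup."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    return verify_token(token, now) if scheme == "Bearer" else None
```

The payload is only encoded, not encrypted, so anyone holding the token can read its claims; what the signature prevents is changing them, for example editing `role`, without the server's key.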

Conclusion

Compared to session-based authentication, token-based authentication is much better and more efficient to work with. On core aspects like scalability, security, and server load, token-based authentication is more promising than session-based authentication.

In this comparison of token vs session-based authentication, the choice may come down to developer preference, but considering the wider and future scaling needs of the application might help you decide what to adopt at an early stage of development.

What’s your thought? Let’s discuss.

Comments 1

  1. Piotr Śródka says:
    2 years ago

    From the article it appears there is no difference between session and token.

TechSansar.com, ICT For Media Pvt Ltd, Regd #249079/077/078, VAT #609868175. 
By continuing to use this site, you agree to our cookies and privacy policies.
Here is our Do Not Track (DNT) Guide. Hosted on a VPS in Singapore and uses this beautiful WordPress theme. You can also subscribe to our newsletter.
Creating tech contents for the b̶o̶t̶s̶ humans since 2009 • Team TechSansar • ICT4M with ❤ from Nepal