Thursday, January 21, 2021
TechSansar.com • Nepal Information and Technology Navigator Website from Nepal

Session vs Token Authentication in Information Security

2 months ago
in Software
Reading Time: 5 min read

User authentication is a key concern for any modern web project, and not only on the web: authentication is needed in almost every sector, including banking and government. For user authentication in web or mobile apps there are two main approaches, sessions and tokens. In this explanatory article we discuss why each is needed and how each works.

Authentication is the process of verifying that a user is who they claim to be. Before digging fully into session vs token authentication, let's consider a simple example from a hypothetical ABC Bank.

Authentication example where the end user attempts to log in with a username and password to the cloud-based backend of the banking service.

In the initial stage, the user is presented with the login screen shown on the left side of the image. When the user enters their login credentials, the request is handled by the backend service, which validates them against the database or cloud server.

The backend checks the login credentials and sends a response to the user. If the credentials are valid, a success response is returned and the user can access the services provided; otherwise authentication is denied and the user cannot access the system.

Once access is granted, a session is created in the database along with a record of the login event, and the session ID is handed to the user in the form of a cookie.


Session – what is it?

A session can be defined as a method of keeping a user authenticated without them having to type their username and password every time they access a part of the system that requires authentication.

The process begins with the user filling in their login credentials and submitting them to the server. The server validates them, creates a session in the database and then responds with a session ID. The session ID is stored in the browser as a cookie, which is sent back to the server on each subsequent request.

The server then looks up that session and responds with the context belonging to the currently signed-in user. A stateful session therefore exists between the client, the backend and the server.
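To make the session flow above concrete, here is an added example (not code from the article) of a minimal server-side session store in Python: login validates credentials and creates a session, the session ID travels in a cookie, each later request is resolved by a server-side lookup, and logout invalidates it. The user record, session TTL and cookie attributes are constructed assumptions.

```python
# Added example (not from the article): a minimal server-side session store
# implementing the session flow described above. User and secrets are constructed.
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed user database: username -> (salt, sha256 hash). A real system would
# use a slow password hash (bcrypt/argon2); plain SHA-256 is kept here for brevity.
_USERS = {}
def _register(username, password):
    salt = secrets.token_bytes(16)
    _USERS[username] = (salt, hashlib.sha256(salt + password.encode()).digest())
_register("alice", "correct horse battery staple")

SESSION_TTL = 30 * 60                 # seconds a session stays valid after login
_SESSIONS: dict = {}                  # session id -> {"user": ..., "expires": ...}

def login(username: str, password: str) -> Optional[str]:
    """Validate credentials; on success create a session and return its id."""
    rec = _USERS.get(username)
    if rec is None:
        return None
    salt, stored = rec
    if not hmac.compare_digest(stored, hashlib.sha256(salt + password.encode()).digest()):
        return None
    sid = secrets.token_urlsafe(32)   # unguessable id; the only thing the client holds
    _SESSIONS[sid] = {"user": username, "expires": time.time() + SESSION_TTL}
    return sid

def set_cookie_header(sid: str) -> str:
    # HttpOnly hides it from scripts, SameSite limits CSRF, Secure requires HTTPS.
    return f"Set-Cookie: sid={sid}; HttpOnly; Secure; SameSite=Strict; Path=/"

def current_user(cookie_header: str) -> Optional[str]:
    """Resolve the signed-in user from a request's Cookie header (server-side lookup)."""
    cookies = dict(p.strip().split("=", 1) for p in cookie_header.split(";") if "=" in p)
    sess = _SESSIONS.get(cookies.get("sid", ""))
    if sess is None:
        return None
    if sess["expires"] < time.time():   # expired: drop it so the store does not grow
        _SESSIONS.pop(cookies["sid"], None)
        return None
    return sess["user"]

def logout(sid: str) -> None:
    _SESSIONS.pop(sid, None)          # immediate, because the state lives on the server
```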

Session-Based Authentication flow
Mechanism of Session Based Authentication flow
Example of Session Management

Let's take the example of Facebook. Initially, we need to type in our username and password to get into the website or mobile app, to confirm that we are the owner of the account.

If there were no session management, imagine how annoying it would be to type in your username and password for every little action such as uploading a picture, commenting, or liking. This would be necessary without a session management system, because Facebook wants to confirm that you are the account owner before allowing those actions.

With a session ID present, Facebook knows the account belongs to us and lets us perform those operations without logging in again.

Drawbacks of session-based authentication
  • Every authentication creates a new session that is stored on the server. With a very large number of users this puts a heavy load on the server.
  • Because sessions are kept in server memory, scaling out becomes a problem.
  • Vulnerable to CSRF (Cross-site request forgery) attacks, because the browser attaches the session cookie automatically.

Token – what is it?

Token-based authentication is one of the better ways to verify users securely. When the user enters their login credentials, the server creates a token (a JSON Web Token, JWT) signed with a private key held on the server.

Once created, the token is passed back to the browser and stored in local storage, which reduces the load on the server. Whenever a request needs authentication, the JWT is added to the request's Authorization header.

The signed token carried in that header is used for validation on each request: the server only needs to verify the signature, with no session lookup. This is more robust when dealing with a distributed system in the cloud.

Token-Based Authentication flow
Mechanism of Token based authentication flow
Pros of Token-Based Authentication
  • Tokens contain all the information necessary for validation. From a scalability point of view this is great, as it doesn't load the server and no verification state needs to be stored on it.
  • Less risk of CSRF (Cross-site request forgery) attacks.
  • Information can be transferred between parties more conveniently and more securely.
A basic example of JSON Web Token

jwt example

The encoded JWT is shown on the left side of the image. It consists of three components: the header, the payload, and the signature used to verify it. The payload lets us carry information about the user, such as their roles and access rights.

With a modern programming framework, working with JSON Web Tokens becomes more efficient and more secure.
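To show the header.payload.signature structure described above together with the token flow (issue on login, verify the signature on every request without a server lookup, refuse expired or tampered tokens), here is an added example in Python that is not from the article. It assumes an HMAC-SHA256 (HS256) server-side secret, the symmetric variant of signing with a server key, a constructed payload with a role claim and expiry, and the Bearer scheme in the Authorization header.

```python
# Added example (not from the article): hand-built HS256 JSON Web Tokens, to show
# header.payload.signature and stateless verification. Secret and claims are constructed.
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-server-secret-do-not-reuse"   # kept only on the server

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(subject: str, role: str, ttl: int = 900, now=None) -> str:
    """Create header.payload.signature; the payload carries the user's role and expiry."""
    now = time.time() if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url(json.dumps({"sub": subject, "role": role, "exp": int(now + ttl)},
                                 separators=(",", ":")).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def verify_token(token: str, now=None):
    """Return the payload if signature and expiry check out, else None (no server lookup)."""
    now = time.time() if now is None else now
    try:
        h, p, s = token.split(".")
        header = json.loads(_unb64url(h))
        if header.get("alg") != "HS256":        # refuse "none" and any other algorithm
            return None
        expected = hmac.new(SECRET, f"{h}.{p}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64url(s)):
            return None                         # tampered payload or forged signature
        payload = json.loads(_unb64url(p))
    except (ValueError, UnicodeDecodeError):    # malformed token or bad base64/JSON
        return None
    if payload.get("exp", 0) < now:
        return None                             # expired: tokens cannot be revoked server-side
    return payload

def user_from_authorization(header_value: str, now=None):
    """Pull the JWT out of an 'Authorization: Bearer <token>' header and verify it."""
    scheme, _, token = header_value.partition(" ")
    if scheme != "Bearer" or not token.strip():
        return None
    return verify_token(token.strip(), now=now)
```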

Conclusion

Compared to session-based authentication, token-based authentication is much better and more efficient to work with. On core aspects like scalability, security and server load, token-based authentication is more promising than session-based authentication.

In this comparison of token vs session based authentication, the choice may come down to developer preference, but thinking about the wider and future scaling needs of the application can help you decide what to adopt at an early stage of development.

What’s your thought? Let’s discuss.

Tags: Infosec, Security, Support