Stateful vs Stateless authentication

Stateful

A stateful session is created on the backend, and the corresponding session reference ID is sent to the client. Each time the client makes a request, the server looks up the session in its memory using the reference ID supplied by the client and finds the authentication information there. Example: TCP, FTP.

Stateless

Stateless authentication stores the user's session data on the client side. Since the session is stored on the client, the server can only verify its validity by checking that the payload and the signature match. Example: HTTP.

Payload:
{
id: 1234,
user: "kennethchoi",
FirstName: "Kenneth",
LastName: "Choi",
Expiration: 1525132799 // 2018-04-30T23:59:59+00:00
}
Signature (a string) produced over the payload with a specific algorithm and the private key:
XxxxXXXxxxxXXXXXXxxxxXX
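As an added illustration (not part of the original post), the following shows how a server verifies such a self-contained token with no session store: it recomputes the signature over the payload, rejects any mismatch, and enforces the Expiration field. It swaps in HMAC-SHA256 with a shared secret for the private-key signature mentioned above; the secret and the payload values are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed server-side secret; a real service loads this from a secret store.
SECRET_KEY = b"constructed-demo-secret"

# Constructed payload mirroring the one in the post.
PAYLOAD = {"id": 1234, "user": "kennethchoi", "FirstName": "Kenneth",
           "LastName": "Choi", "Expiration": 1525132799}


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_payload(payload: dict) -> str:
    """Canonical JSON (sorted keys, no whitespace) so the signature is reproducible."""
    return b64url_encode(json.dumps(payload, separators=(",", ":"), sort_keys=True).encode())


def issue_token(payload: dict) -> str:
    """Return '<payload>.<signature>'; the server keeps nothing after issuing it."""
    body = encode_payload(payload)
    sig = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest()
    return f"{body}.{b64url_encode(sig)}"


def verify_token(token: str, now: Optional[int] = None) -> Optional[dict]:
    """Return the payload if the signature matches and the token is unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(SECRET_KEY, body.encode(), hashlib.sha256).digest()
        # Constant-time comparison: a mismatch means the payload was altered or signed elsewhere.
        if not hmac.compare_digest(expected, b64url_decode(sig)):
            return None
        payload = json.loads(b64url_decode(body))
    except (ValueError, UnicodeDecodeError):
        return None  # malformed token
    if not isinstance(payload, dict) or payload.get("Expiration", 0) <= now:
        return None  # expired: with no server state, expiry is the only built-in limit
    return payload
```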

© copyright-2020 Rejaul