The difference between Cookie authentication and Token authentication

Recently, I developed our software's function for authentication from other services. It was interesting to implement the cookie and token authentication functions, so I am writing it down.


When a user logs in to a service for the first time, the server provides the user with a session ID and saves it. The user's client keeps the session ID and sends it to the server every time it sends a request. The server authenticates the user by verifying that the session ID it received matches the saved session ID. This approach is stateful.


As with cookies, with token authentication the authentication information is included in the request header when a client sends a request to the server. However, nothing is saved on the server. With every request, the client sends the information showing that it has already been verified. This approach is stateless. Basic authentication uses this technique.
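The two flows described above, side by side, as an added example that is not code from the original post. The post does not specify a token format, so the HMAC-signed token here is an assumption, as are all function names, `SECRET_KEY` and `SESSIONS`.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET_KEY = secrets.token_bytes(32)  # assumed server-side signing key, never sent to clients
SESSIONS = {}                         # stateful store: session ID -> user, kept on the server

def cookie_login(user):
    """Stateful: issue a random session ID and save it on the server."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    return sid

def cookie_authenticate(sid):
    """Compare the presented session ID with what the server saved."""
    return SESSIONS.get(sid)

def cookie_logout(sid):
    """Revocation is a delete, because the server owns the state."""
    SESSIONS.pop(sid, None)

def b64(data):
    return base64.urlsafe_b64encode(data).decode()

def token_login(user, ttl=300, now=None):
    """Stateless: sign the claims and hand them to the client; store nothing."""
    now = time.time() if now is None else now
    payload = json.dumps({"sub": user, "exp": int(now) + ttl}).encode()
    sig = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    return b64(payload) + "." + b64(sig)

def token_authenticate(token, now=None):
    """Verify signature and expiry from the token alone, with no lookup."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError:  # wrong number of parts or invalid base64
        return None
    expected = hmac.new(SECRET_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        return None
    claims = json.loads(payload)
    return claims["sub"] if claims["exp"] > now else None
```

The session ID can be revoked at any time by deleting it from the server, while the signed token stays valid until its `exp` time because the server keeps no record of it. The token payload is signed, not encrypted, so the client can read it.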
