In this video tutorial, Cookie Based Authentication Advantage And Disadvantage | 0010–02, we discuss cookie-based authentication. In this type of authentication, when a client sends its authentication details to the server, the server creates a unique ID for that client and puts it in the cookie object of the response. A cookie is simply an object that stores data sent to the client. The next time the client authenticates itself, it sends the same cookie back to the server in a request header. As long as that cookie has not expired, the user is authenticated.
There are three main issues with cookie-based authentication.
First, the cookie has to be stored on the client machine, which is more vulnerable to miscreants.
Second is cross request scripting: by default, cookies travel in the header of every message, so there is a chance of sending your cookie data to the wrong server.
Third, and an important one, some mobile devices do not support saving cookie data. So if you want to scale your APIs to mobile devices such as iOS, they may or may not support cookie storage.
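The login and cookie check described above, as an added Python example (not code from the tutorial). The `sid` cookie name, the 15-minute lifetime, the in-memory stores and the sample user are assumptions; `HttpOnly`, `Secure` and `SameSite` are standard cookie attributes that narrow the first two issues.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 900                 # assumed session lifetime in seconds
_SALT = secrets.token_bytes(16)
_sessions = {}                    # session id -> (username, expiry timestamp)


def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)


_users = {"alice": _hash("correct horse")}   # constructed sample user


def login(username, password, now=None):
    """Check credentials; on success return a Set-Cookie header value."""
    now = time.time() if now is None else now
    stored = _users.get(username)
    candidate = _hash(password)
    if stored is None or not secrets.compare_digest(stored, candidate):
        return None
    sid = secrets.token_urlsafe(32)          # unguessable unique id
    _sessions[sid] = (username, now + SESSION_TTL)
    cookie = SimpleCookie()
    cookie["sid"] = sid
    cookie["sid"]["max-age"] = SESSION_TTL
    cookie["sid"]["path"] = "/"
    cookie["sid"]["httponly"] = True         # not readable by page scripts
    cookie["sid"]["secure"] = True           # only sent over HTTPS
    cookie["sid"]["samesite"] = "Strict"     # not attached to cross-site requests
    return cookie["sid"].OutputString()


def authenticate(cookie_header, now=None):
    """Return the username for a request's Cookie header, or None."""
    now = time.time() if now is None else now
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    morsel = jar.get("sid")
    entry = _sessions.get(morsel.value) if morsel else None
    if entry is None:
        return None                          # missing or unknown session id
    username, expires = entry
    if now >= expires:
        _sessions.pop(morsel.value, None)    # expired: drop server-side state
        return None
    return username
```

The server decides expiry from its own session table, so a client that keeps presenting an old cookie is still rejected.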
If we are okay with these three shortcomings, we can go with cookie-based authentication. Next, we will learn about JWT authentication in a subsequent video session.