Session
A session is a connection that is:
- time-delimited
- bidirectional
- high-level
- used for interactive expression or information exchange
A session is typically stateful and allows state to persist across multiple messages.
Cookie
Token
Session-based authentication
Typically, in session-based authentication:
- The session state is stored on the server.
- A session token is sent from the server as a cookie and stored on the client.
- The client can use the session token for authentication without explicitly logging in every time it requests the web page until the cookie expires.
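The flow listed above, as an added example that is not part of the original notes: the server keeps the session state, hands the client only an opaque random token in a cookie, and resolves that token on each request until it expires. The class name `SessionStore`, the cookie name `session_id`, the 1800-second lifetime and the cookie attributes are assumptions made for the illustration.

```python
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "session_id"  # assumed cookie name


class SessionStore:
    """Server-side session state, keyed by an opaque random token."""

    def __init__(self, ttl=1800, clock=time.time):
        self._sessions = {}   # token -> {"user", "expires"}; lives only on the server
        self._ttl = ttl       # assumed lifetime in seconds
        self._clock = clock   # injectable so expiry can be tested

    def login(self, username):
        """Create a session; return the value for a Set-Cookie header."""
        token = secrets.token_urlsafe(32)  # unguessable, carries no user data
        self._sessions[token] = {"user": username,
                                 "expires": self._clock() + self._ttl}
        cookie = SimpleCookie()
        cookie[COOKIE_NAME] = token
        morsel = cookie[COOKIE_NAME]
        morsel["max-age"] = self._ttl  # cookie expiry matches the server's
        morsel["path"] = "/"
        morsel["httponly"] = True      # hidden from page scripts
        morsel["secure"] = True        # sent over HTTPS only
        morsel["samesite"] = "Lax"
        return morsel.OutputString()

    def authenticate(self, cookie_header):
        """Return the user for a request's Cookie header, or None."""
        jar = SimpleCookie()
        jar.load(cookie_header or "")
        if COOKIE_NAME not in jar:
            return None
        token = jar[COOKIE_NAME].value
        session = self._sessions.get(token)
        if session is None:
            return None                 # unknown or forged token
        if self._clock() >= session["expires"]:
            del self._sessions[token]   # enforce expiry server-side too
            return None
        return session["user"]


if __name__ == "__main__":
    store = SessionStore()
    set_cookie = store.login("alice")          # constructed sample user
    print(store.authenticate(set_cookie.split(";")[0]))
```

The server checks expiry itself rather than trusting the cookie's `Max-Age`, because a client can keep replaying a token after its browser would have discarded the cookie.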