Authentication is vital to most of the applications and the way it is achieved has evolved substantially in recent years. Basically there are three types of authentication:
- Session Based Authentication
- Cookie Based Authentication
- JWT(JSON Web Tokens) Authentication
JWT Authentication is one of the most popular types in today’s world. Will discuss each type in detail in our subsequent video sessions. In this video tutorial Session Based Authentication, we will explain session based authentication with real world examples. Will also discuss its advantages & disadvantages.
Let’s say you are trying to login into your app with your user credentials. As soon as you will submit your details, request will be sent to server. Server will authenticate and create session key that it will pass to client. Now next time whenever you will try to retrieve your session, server will expect that the client will pass the session key to it to recognize you.
Now the problem comes when we use distributed server system with load balancer in large scale applications. Here when client sends your session key, it may or may not be received by the same server by which it was created. If it goes to other server then that will not be able to recognize you as all the servers create their independent session keys. This is one of the major problems in session based authentication. To overcome this there are certain packages available like out of the process sessions storage, distributed sessions software, or use SQL server exclusively to store sessions. So whenever we have large servers with distributed architecture and we are using session authentication then we must consider any of these extra packages as well, to overcome session authentication shortcomings.