Web Authentication: Cookies vs. Tokens

How to Choose Between Cookies and Tokens in Web Authentication.

Chameera Dulanga
Bits and Pieces

With the increasing number of threats, the stability of the authentication mechanism has become vital for all applications. However, choosing one isn’t easy since there are many methods with different capabilities.

So, in this article, I will discuss the features, pros, and cons of token-based and cookie-based authentication and compare the two to help you decide the best approach for your project.

Cookie-Based Authentication

Authentication is the process of exchanging user credentials for a piece of unique identification.

In cookie-based authentication, this unique identifier (cookie) is created on the server side and sent to the browser.

When you log in to a web application, your browser receives a cookie from the application’s server. The browser stores that cookie and sends it with each subsequent request so the server can verify that the requests come from the same user.
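The flow described above, as an added example that is not part of the original article: the server creates a random session identifier at login, returns it in a Set-Cookie header, and looks it up when the browser sends it back. The names `login`, `authenticate` and `session_id`, the in-memory stores, the sample account, and the choice of cookie attributes are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie

_SALT = secrets.token_bytes(16)  # one salt for this demo; use a per-user salt in practice

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)

# Constructed sample account and in-memory stores (assumptions for illustration).
USERS = {"alice": _hash("correct horse")}  # username -> password hash
SESSIONS = {}                               # session id -> username, kept on the server

def login(username, password):
    """Exchange credentials for a Set-Cookie header value; None if they are wrong."""
    candidate = _hash(password)  # hash even for unknown users to keep timing uniform
    stored = USERS.get(username)
    if stored is None or not hmac.compare_digest(stored, candidate):
        return None
    sid = secrets.token_urlsafe(32)           # unguessable identifier created server-side
    SESSIONS[sid] = username
    cookie = SimpleCookie()
    cookie["session_id"] = sid
    cookie["session_id"]["httponly"] = True   # not readable from page JavaScript
    cookie["session_id"]["secure"] = True     # only sent over HTTPS
    cookie["session_id"]["samesite"] = "Lax"  # limits cross-site sending
    cookie["session_id"]["path"] = "/"
    return cookie["session_id"].OutputString()

def authenticate(cookie_header):
    """Map the Cookie request header back to a user; None if the id is unknown."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get("session_id")
    return SESSIONS.get(morsel.value) if morsel else None

if __name__ == "__main__":
    set_cookie = login("alice", "correct horse")
    print("Set-Cookie:", set_cookie)
    # The browser echoes only the name=value pair on later requests.
    echoed = set_cookie.split(";")[0]
    print("Authenticated as:", authenticate(echoed))
    print("Forged id:", authenticate("session_id=forged"))
```

The cookie carries only a random identifier; the mapping to a user lives in the server's session store, so a value the server never issued authenticates nobody.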

To better understand how cookies work, let’s break down this process into 5 parts.

1. User login to the application using
