Authentication
Intro
Session
Stores it as a session - cookie, server state based.
- could be slower since it needs a round trip request to main session state server or need the servers to sync the state.
- Cookie based
Token
- State less
- stores it on local storage or persistent layer
- can have refresh token with session / access_token to activate or renew its contract
- faster
Diff
fireship | Session vs Token authentication