So in the previous article, we discussed authentication procedures like encryption, hashing, salting, etc. Now that we have verified the user let’s concentrate on the session.
So what is this **_session _**and **_cookie _**thing?
A story about Https
**_Https _**is basically a stateless protocol. What does it mean by **_stateless _**🤔? Basically, whenever we open chrome and search for something or hit an endpoint, a secure connection is established between the _server _and you (client). The **_server _**accepts your request, it does **_authentication _**in case you provided **_id _**and **_password _**and sends you back the information you asked. After that, the connection is closed. Next time you ask the server again, but the **_server _**doesn’t know who you are. If the information you are asking requires authentication, you have to put **_id _**and **_password, _**again and again, each time you query something.
_One thing to remember that we should not use __Http _because it is not end-to-end encrypted, so anybody can tap into the channel, have a look in the data inside it, and ah-ha! You are hacked!
Suppose you are accessing a bank website. How does it feel like to put id, password, and secure CAPTCHA each time you press a button or page refreshes? Frustrating na?
Stateless Https connection
That is where **_sessions _**and **_cookies _**come into the picture.
Let’s understand in simple terms. Before understanding the **_session _**and cookie, let’s look at the Https messages.
There are two types of http messages: requests sent by the client to trigger an action on the server, and responses, the answer from the server.
But broadly they have a similar structure with
- Head — It has information like request verb (GET/POST/PUT… in case of request), status code (in case of response), target URL, body content metadata, etc.
- Body — Body is optional. It can have HTML form etc.
#nodejs #cookies #sessions #expressjs #webauth