Authentication, Authorization, Credentials, Cookies, Sessions, Tokens and JWT Overview
This article provides a comprehensive overview of authentication and authorization concepts, explains the roles of credentials, compares cookies and sessions, discusses session scaling strategies, introduces token‑based authentication and JWT structure, and highlights security considerations and common encryption algorithms.
Authentication, Authorization and Credentials
Authentication verifies a user's identity (e.g., username/password, email link, SMS code) while authorization determines what actions an authenticated user may perform. Credentials such as tokens or certificates serve as proof of identity.
Cookies and Sessions
HTTP is a stateless protocol; cookies store a small piece of data on the client and are sent with each request, while sessions store state on the server and use a session ID stored in a cookie. The article compares their properties, security, size, lifespan, and storage.
Session Scaling Issues
In a distributed deployment a session kept in one server's memory is invisible to the other servers, so requests routed elsewhere lose their login state; three solutions are described: session replication, sticky sessions (IP‑hash), and session sharing via Redis/Memcached.
Token‑Based Authentication and JWT
Tokens are self‑contained credentials sent in the Authorization header (Bearer <token>). JWT consists of a header, payload and signature, enabling stateless cross‑domain authentication. The article outlines token generation, validation, advantages, drawbacks, and usage patterns (header, body, URL).
Security Considerations
This section discusses CSRF, the same‑origin policy, cross‑origin solutions, and best practices for cookies, sessions, tokens and JWT (HTTPS, short expiry, a server‑side blacklist of revoked tokens, etc.).
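As an added example (not code from the article), the token format and the checks from the two sections above in standard-library Python: an HS256 JWT is built as header.payload.signature, and validation pins the algorithm server-side, verifies the signature before trusting any claim, enforces a short exp, and consults a server-side revocation list. The secret, the claim values and the jti-keyed revocation set are constructed for the demonstration.

```python
import base64, hashlib, hmac, json, time

def _b64url(data: bytes) -> str:
    # JWT uses unpadded base64url for all three segments.
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_sign(claims: dict, secret: bytes) -> str:
    """Return a compact HS256 JWT: base64url(header).base64url(payload).base64url(sig)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)

def jwt_verify(token: str, secret: bytes, revoked: set, now: float = None) -> dict:
    """Return the claims if every check passes, otherwise raise ValueError."""
    # Order matters: pin the algorithm (never trust the token's own 'alg'), check
    # the signature before reading claims, then enforce exp and the revocation list.
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    if not isinstance(claims, dict) or not isinstance(claims.get("exp"), (int, float)):
        raise ValueError("payload must be an object with a numeric exp")
    if now >= claims["exp"]:
        raise ValueError("expired")
    if claims.get("jti") in revoked:  # constructed server-side blacklist keyed by jti
        raise ValueError("revoked")
    return claims

def is_valid(token: str, secret: bytes, revoked: set, now: float = None) -> bool:
    """Boolean wrapper for callers that do not need the rejection reason."""
    try:
        jwt_verify(token, secret, revoked, now)
        return True
    except ValueError:  # also covers base64 and JSON decode errors
        return False
```

A real service would load the secret from configuration and populate the revocation set from the store the logout or password-change flow writes to.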
Common Encryption Algorithms
A brief overview of one‑way hash algorithms (MD5, SHA), which cannot be reversed, and of reversible symmetric (AES, DES) and asymmetric (RSA, ECC) encryption, with usage recommendations.