To secure a web-based application, we first need to establish the user's identity and then maintain that authenticated state in some kind of session. Here is a simplified view of the steps for establishing authentication with the session-based (cookie-based) approach:
- The client sends a request to a server-side application along with user credentials.
- The server validates the credentials against a database and creates a session ID, which is persisted on the server and sent back as part of the response.
- A cookie containing the session ID is set in the user's browser.
- The requests that follow carry the same ID, which the server validates against its own database of active session IDs. The server then remembers who the user is.
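The four steps above, worked through end to end as an added example (this is not code from the original page): credential validation against a constructed user table, creation of a random session ID that is persisted in a server-side store, the `Set-Cookie` header the response would carry, and validation of the ID presented by later requests. The in-memory `USERS` and `SESSIONS` dictionaries, the `sid` cookie name, the one-hour lifetime and the sample password are all assumptions made for the example; a real deployment would back both tables with a database.

```python
import hashlib
import hmac
import secrets
import time
from typing import Dict, Optional, Tuple

# Constructed sample user table: username -> (salt, PBKDF2 hash of password).
# Assumption for the example; a real server keeps this in a database.
_SALT = b"constructed-salt"


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": (_SALT, _hash_password("correct horse", _SALT))}

SESSION_TTL = 3600  # assumed session lifetime in seconds
# Server-side session store (step 3): session ID -> {"user": ..., "expires": ...}
SESSIONS: Dict[str, dict] = {}


def verify_credentials(username: str, password: str) -> bool:
    """Step 2: validate the submitted credentials against the user table."""
    record = USERS.get(username)
    if record is None:
        return False
    salt, stored = record
    # Constant-time comparison, so timing does not reveal how many bytes matched.
    return hmac.compare_digest(stored, _hash_password(password, salt))


def login(username: str, password: str,
          now: Optional[float] = None) -> Optional[Tuple[str, str]]:
    """Steps 2-3: on valid credentials, mint a random session ID, persist it
    server-side and return (session_id, Set-Cookie header value)."""
    if not verify_credentials(username, password):
        return None
    now = time.time() if now is None else now
    session_id = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    SESSIONS[session_id] = {"user": username, "expires": now + SESSION_TTL}
    # HttpOnly keeps page scripts from reading the cookie, Secure limits it to
    # HTTPS, SameSite=Lax limits when other sites can cause it to be sent.
    set_cookie = (f"sid={session_id}; HttpOnly; Secure; SameSite=Lax; "
                  f"Path=/; Max-Age={SESSION_TTL}")
    return session_id, set_cookie


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Minimal parser for a Cookie request header such as 'theme=dark; sid=abc'."""
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def authenticate_request(cookie_header: str,
                         now: Optional[float] = None) -> Optional[str]:
    """Step 4: look the presented ID up in the server's store and return the
    user it belongs to, or None. Expired entries are deleted on sight."""
    now = time.time() if now is None else now
    session_id = parse_cookie_header(cookie_header).get("sid")
    if session_id is None:
        return None
    session = SESSIONS.get(session_id)
    if session is None:
        return None
    if session["expires"] <= now:
        del SESSIONS[session_id]
        return None
    return session["user"]


def logout(cookie_header: str) -> bool:
    """Invalidate the session server-side; the cookie alone is then worthless."""
    session_id = parse_cookie_header(cookie_header).get("sid")
    return SESSIONS.pop(session_id, None) is not None


if __name__ == "__main__":
    sid, header = login("alice", "correct horse")
    print("Set-Cookie:", header)
    print("user on next request:", authenticate_request(f"sid={sid}"))
    logout(f"sid={sid}")
    print("after logout:", authenticate_request(f"sid={sid}"))
```

The point the steps make is that the cookie only carries an opaque identifier: everything that matters (who the user is, when the session ends) lives in `SESSIONS` on the server, which is why the server can end a session unilaterally and why the ID must be unguessable.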
This allows for a stateful conversation between client and server, which is typical of traditional...