Session, Cookie, JWT, Token, SSO, and OAuth 2.0 Explained in One Diagram
- Authors: AbnAsia.org (@steven_n_t)
When you log in to a website, your identity needs to be managed. Here is how the different solutions work.
Session - The server stores your identity and gives the browser a session ID cookie. This allows the server to track login state. But cookies don't work well across devices.
Token - Your identity is encoded into a token sent to the browser. The browser sends this token on future requests for authentication. No server session storage is required. But tokens need encryption/decryption.
JWT - JSON Web Tokens standardize identity tokens using digital signatures for trust. The signature is contained in the token so no server session is needed.
SSO - Single Sign On uses a central authentication service. This allows a single login to work across multiple sites.
OAuth 2.0 - Allows one site limited access to your data on another site, without giving away passwords.
QR Code - Encodes a random token into a QR code for mobile login. Scanning the code logs you in without typing a password.
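To make the Token and JWT entries above concrete, here is an added example (not code from the original article) that issues an HS256-signed token and verifies it using only the signature, with no server-side session lookup. The key, function names, and claim values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HMAC key known only to the server

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(signing_input: str, key: bytes) -> str:
    return _b64url(hmac.new(key, signing_input.encode(), hashlib.sha256).digest())

def _encode(obj: dict) -> str:
    # The segment is base64url-encoded JSON: readable by anyone, not encrypted.
    return _b64url(json.dumps(obj, separators=(",", ":")).encode())

def issue_token(subject: str, ttl_seconds: int, key: bytes = SECRET, now=None) -> str:
    """Encode the identity as header.payload.signature (JWT compact form)."""
    now = int(time.time()) if now is None else now
    signing_input = (_encode({"alg": "HS256", "typ": "JWT"}) + "."
                     + _encode({"sub": subject, "exp": now + ttl_seconds}))
    return signing_input + "." + _sign(signing_input, key)

def verify_token(token: str, key: bytes = SECRET, now=None):
    """Return the claims if the token is authentic and unexpired, else None."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, payload_b64, sig = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        # Pin the algorithm: the token must not choose how it is verified.
        if header.get("alg") != "HS256":
            return None
        expected = _sign(header_b64 + "." + payload_b64, key)
        if not hmac.compare_digest(expected, sig):  # constant-time comparison
            return None
        claims = json.loads(_b64url_decode(payload_b64))
        if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
            return None
        return claims
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong segment count, bad base64 or JSON

def with_modified_subject(token: str, new_subject: str) -> str:
    """Constructed negative test: change the payload but keep the old signature."""
    header_b64, payload_b64, sig = token.split(".")
    claims = json.loads(_b64url_decode(payload_b64))
    claims["sub"] = new_subject
    return header_b64 + "." + _encode(claims) + "." + sig
```

Because the server keeps no record of issued tokens, the `exp` claim is the only thing that ends a token's validity in this example.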