Basic authentication vs Session & cookie based authentication

First, what is meant by the authentication process? It is the common way to handle security for any application. In this article we will discuss the difference between basic authentication and session-based authentication, along with the advantages and disadvantages of each.

HTTP Basic Authentication

The simplest form of authentication: the username and password are sent in a header with every request, so it does not require a session or cookies.

Basic components

  • The username and password are concatenated into one string, name:pass.
  • This string is encoded with base64.
  • The Basic keyword is put before the encoded value.
    For example:
curl --header "Authorization: Basic am9objpzZWNyZXQ=" my-website.com

Drawbacks of using it

  • The username and password are sent with every request, so they can be exposed even over a secure connection (base64 is a reversible encoding, not encryption, so anyone who can read the header can read the credentials).
  • There is no way to log a user out.

Session & cookie based authentication

This has been the default method of handling user authentication for a long time. Once the credentials are verified, a session is created for the user and saved on the server; the server then sends the session ID to the browser in a Set-Cookie header. Both are deleted when the user logs out.
It is a stateful authentication method (server-based authentication): authentication records need to be stored on both the client side and the server side.
Its algorithm

  • The user enters login credentials.
  • The server verifies the given credentials, creates a session and stores it in the database.
  • The cookie with the session ID is kept on the client side (the user's browser).
  • For subsequent requests, the session ID is verified against the database.
  • The session is destroyed on both the client and server side once the user logs out.

The main disadvantage
The server has to store session data for every user, and this increases the overhead.
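As an added example (not code from the original article), here are the two flows side by side in Python: the Basic header is built and checked exactly as in the curl example above (name:pass, base64, Basic keyword), and the session flow follows the algorithm above with a server-side store. The USERS and SESSIONS dictionaries, the credentials and the function names are assumptions for the demo.

```python
import base64
import hmac
import secrets
from typing import Optional

# Constructed demo store; a real system keeps salted password hashes, not plaintext.
USERS = {"john": "secret"}
SESSIONS = {}  # session id -> username (the server-side state)


def basic_auth_header(username: str, password: str) -> str:
    # 'name:pass' -> base64 -> 'Basic ' keyword in front, as in the curl example.
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return f"Basic {token}"


def verify_basic(header: str) -> Optional[str]:
    # Stateless check: credentials arrive on every request, nothing is stored,
    # so there is also nothing to destroy at "logout".
    scheme, _, token = header.partition(" ")
    if scheme != "Basic":
        return None
    try:
        decoded = base64.b64decode(token, validate=True).decode()
    except (ValueError, UnicodeDecodeError):
        return None
    username, sep, password = decoded.partition(":")
    expected = USERS.get(username) if sep else None
    # Constant-time compare so a wrong password is not detectable by timing.
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None
    return username


def login(username: str, password: str) -> Optional[str]:
    # Stateful flow: verify once, mint an unguessable id, keep it server-side;
    # the caller returns it to the browser in a Set-Cookie header.
    if verify_basic(basic_auth_header(username, password)) is None:
        return None
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid


def current_user(sid: str) -> Optional[str]:
    # Per-request check: the cookie's session id is looked up in the store.
    return SESSIONS.get(sid)


def logout(sid: str) -> None:
    # Logout is possible here precisely because the record exists server-side.
    SESSIONS.pop(sid, None)
```

Note that `login` still verifies the credentials only once; afterwards only the unguessable session id travels, which is the whole point of the stateful design.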

If you want to know the difference between authentication and authorization, as well as the structure and usage of JWT with an example, you can find the full information in this article:
Authentication vs authorization