Why are almost all websites out there using cookies instead of basic auth? It can't be only that the user/pass window is ugly, and neither of them is more secure. They are both insecure (without HTTPS).
Using cookies in authentication makes your application stateful. This will be efficient in tracking and personalizing the state of a user. Cookies are small in size thus making them efficient to store on the client-side. Cookies can be “HTTP-only” making them impossible to read on the client-side.
Because Basic authentication involves the cleartext transmission of passwords, it SHOULD NOT be used (without enhancements such as HTTPS [RFC2818]) to protect sensitive or valuable information. As the user ID and password are passed over the network as clear text ... the basic authentication scheme is not secure.
What is Cookie-based Authentication? Cookies are pieces of data used to identify the user and their preferences. The browser returns the cookie to the server every time the page is requested. Specific cookies like HTTP cookies are used to perform cookie-based authentication to maintain the session for each user.
Cookies and tokens are two common ways of setting up authentication. Cookies are chunks of data created by the server and sent to the client for communication purposes. Tokens, usually referring to JSON Web Tokens (JWTs), are signed credentials encoded into a long string of characters created by the server.
To log out of a basic auth login, the browser often needs to be quit entirely. This means there is no way for the server to log out the user.
I believe basic auth also has more overhead (assuming your cookie size isn't massive), but I might be wrong about that.
HTTP basic auth also sends the username and password with every request, making it potentially less secure because there is more opportunity for interception.
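The points raised in the answers above (Basic credentials resent with every request, HttpOnly cookies, server-side logout) shown side by side in an added Python example that is not from any of the posts. The sample account, the `sid` cookie name and the `SessionStore` class are assumptions made for illustration.

```python
import base64
import hmac
import secrets

# Constructed sample account; a real service stores a password hash, not the password.
USERS = {"alice": "correct horse battery staple"}


def basic_header(user, password):
    """The Authorization header a browser resends on every request."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def decode_basic(header):
    """Base64 is an encoding: whoever sees the header recovers the password."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic header")
    user, _, password = base64.b64decode(blob).decode().partition(":")
    return user, password


def _sid(cookie_header):
    """Extract the sid value from a request's Cookie header (None if absent)."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "sid":
            return value


class SessionStore:
    """Server-side session table keyed by a random, opaque cookie value."""
    def __init__(self):
        self._sessions = {}

    def login(self, user, password):
        expected = USERS.get(user, "")
        if not expected or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = user
        # HttpOnly hides the cookie from page scripts; Secure limits it to HTTPS.
        return f"sid={sid}; HttpOnly; Secure; SameSite=Lax; Path=/"

    def user_for(self, cookie_header):
        return self._sessions.get(_sid(cookie_header))

    def logout(self, cookie_header):
        # The server forgets the session, so the same cookie stops working at once.
        self._sessions.pop(_sid(cookie_header), None)
```

A captured Basic header yields the password itself, while a captured session cookie yields only an identifier that the server can revoke.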