
Stateless Vs Stateful authentication

shivam upadhyay
Jul 10, 2021


In this article I'm going to talk about these two types of authentication: what they are and what benefits each provides. So let's get started.

Preface

Authentication exists in almost every application to identify the application's client, whether that client is a user or another application. The client sends credentials to the application; the application checks whether the credentials are correct and, if they are, generates an auth token and sends it to the client, which then uses it to access the application's resources.

Stateful Authentication

Stateful authentication identifies a user session by creating the session on the backend and generating a session id. The server sends the session id to the client, while the session itself is kept in the server's session storage.

So whenever the user makes a request, the server looks up the session on its side, checks that one exists, and reads the user information from the properties in the session state; the user can then get the resource from the server.

Points

Revoke session at any time:

  • The session is created on the server, so the server can revoke it at any time.

Easy to manage sessions:

  • Session management is easy because the server knows how many sessions are active, which matters for something like a video streaming platform.

Session data cannot be stolen from the identifier:

  • It is impossible to steal session information from the session identifier, because it is just an identifier associated with the session; the data itself never leaves the server.

Not easy to scale:

  • To add a new instance, additional changes are needed in the session storage, since every instance must be able to see the same sessions.
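To make the four points above concrete, here is an added example of a minimal stateful session store (this is my illustration, not code from the article). The store is an in-memory dictionary keyed by a random session id; the credential store, the user "alice" and her password are constructed values. Note the id carries no user data, but it is still a bearer credential: it must be unguessable (256 random bits here) and should travel only in an HttpOnly cookie over TLS. In a real deployment the dictionary would be Redis or a database shared by every instance, which is the scaling cost the last point refers to.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Constructed example: a minimal server-side (stateful) session store.
SESSION_TTL_SECONDS = 3600

# Constructed credential store: username -> (salt, PBKDF2 hash of the password).
_SALT = b"example-salt-not-secret"
USERS = {
    "alice": (_SALT, hashlib.pbkdf2_hmac("sha256", b"correct horse battery staple", _SALT, 100_000)),
}

# session id -> session state. This dict *is* the server-side state.
_sessions: dict = {}


def _password_ok(username: str, password: str) -> bool:
    entry = USERS.get(username)
    if entry is None:
        return False
    salt, expected = entry
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, expected)


def login(username: str, password: str, now: Optional[float] = None) -> Optional[str]:
    """Check credentials; on success create a session and return its id."""
    if not _password_ok(username, password):
        return None
    now = time.time() if now is None else now
    # 256 bits of randomness: the id carries no user data, it is only a lookup key.
    session_id = secrets.token_urlsafe(32)
    _sessions[session_id] = {"user": username, "created": now, "expires": now + SESSION_TTL_SECONDS}
    return session_id


def current_user(session_id: str, now: Optional[float] = None) -> Optional[str]:
    """Resolve a session id to a user; None if unknown, revoked or expired."""
    now = time.time() if now is None else now
    session = _sessions.get(session_id)
    if session is None:
        return None
    if now >= session["expires"]:
        _sessions.pop(session_id, None)  # lazy cleanup of an expired session
        return None
    return session["user"]


def revoke(session_id: str) -> bool:
    """Server-side revocation: once deleted, the id is useless immediately."""
    return _sessions.pop(session_id, None) is not None


def revoke_all_for_user(username: str) -> int:
    """Log a user out everywhere, e.g. after a password change."""
    doomed = [sid for sid, s in _sessions.items() if s["user"] == username]
    for sid in doomed:
        del _sessions[sid]
    return len(doomed)


def active_session_count() -> int:
    """The server knows exactly how many sessions are live."""
    return len(_sessions)


if __name__ == "__main__":
    sid = login("alice", "correct horse battery staple")
    print("logged in as", current_user(sid))
    revoke(sid)
    print("after revoke:", current_user(sid))
```

Because the server owns the state, `revoke` and `revoke_all_for_user` take effect on the very next request, and `active_session_count` is a single dictionary length; both are things the stateless design below has to work much harder for.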

Stateless Authentication

In stateless authentication the session data is stored on the client side. The state is signed with a key using a method such as JWT, so the server only has to verify whether the signature matches.

Stateless authentication is also called token-based authentication because all the state data is signed and encrypted; whenever the user requests anything from the server, the server verifies the user's token and responds on the basis of it.

Points

Low server overhead:

  • In stateful authentication the state is stored on the backend, so the server has more work to do; here the server only has to verify the signature with its key, so it does not need to store sessions at all.

Easy to scale:

  • Easy to scale, because the session data is stored on the user's end; no matter which instance the request lands on, no shared session storage is needed.

Can't revoke session:

  • The server can't revoke a session at any time, because it is not maintaining the session; the token the server creates has an expiry time instead, so you have to put much more work into managing that.
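The stateless side, as an added example that is not part of the original article: an HS256 JWT minted and verified with only the Python standard library. `SECRET_KEY`, the user "alice" and the timestamps are placeholders I constructed. Two caveats the code makes visible: a signed JWT is tamper-evident but not confidential (`read_claims_without_key` decodes the payload without the key, so encryption is a separate step), and the only way to revoke a token before `exp` is a deny list (`_revoked_jti`), which reintroduces exactly the server-side state the design set out to avoid.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed example: HS256 JWT issue/verify with the standard library only.
# SECRET_KEY is a placeholder; a real deployment uses >= 32 random bytes from a secret store.
SECRET_KEY = b"placeholder-secret-key-replace-me"

# The only server-side state here, and it exists purely to support revocation.
_revoked_jti: set = set()


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _json_bytes(obj: dict) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def _sign(signing_input: str) -> bytes:
    return hmac.new(SECRET_KEY, signing_input.encode("ascii"), hashlib.sha256).digest()


def issue_token(username: str, ttl_seconds: int = 900, now: Optional[float] = None) -> str:
    """Mint a signed token; all session state travels inside it."""
    now = time.time() if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"sub": username, "iat": int(now), "exp": int(now) + ttl_seconds, "jti": secrets.token_hex(8)}
    signing_input = _b64url(_json_bytes(header)) + "." + _b64url(_json_bytes(claims))
    return signing_input + "." + _b64url(_sign(signing_input))


def verify_token(token: str, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if signature, expiry and revocation checks pass, else None."""
    now = time.time() if now is None else now
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError:  # wrong segment count, bad base64 or bad JSON
        return None
    # Pin the algorithm server-side; never let the token's own "alg" choose it.
    if header.get("alg") != "HS256":
        return None
    if not hmac.compare_digest(_sign(header_b64 + "." + payload_b64), signature):
        return None
    if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
        return None
    if claims.get("jti") in _revoked_jti:
        return None
    return claims


def read_claims_without_key(token: str) -> dict:
    """The payload is only base64url-encoded: anyone holding the token can read it."""
    return json.loads(_b64url_decode(token.split(".")[1]))


def tamper_subject(token: str, new_subject: str) -> str:
    """Rebuild the payload with a different 'sub' but keep the old signature,
    to show that verification rejects an edited token."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(payload_b64))
    claims["sub"] = new_subject
    return header_b64 + "." + _b64url(_json_bytes(claims)) + "." + sig_b64


def revoke_token(token: str) -> None:
    """Revocation means keeping a deny list, i.e. reintroducing server-side state."""
    _revoked_jti.add(read_claims_without_key(token).get("jti"))


if __name__ == "__main__":
    tok = issue_token("alice")
    print("valid:", verify_token(tok) is not None)
    print("readable without key:", read_claims_without_key(tok))
    print("tampered accepted:", verify_token(tamper_subject(tok, "admin")) is not None)
```

The verify path does no lookup against a session store, which is the whole benefit; the cost is that short `exp` values and the deny list are the only levers for cutting a token off early.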