Token-based vs Cookie-Based Authorization: Pros/cons

We tested the client’s web applications: the Dashboard Component and the API server (Web API Component).

Access to the web applications is available only after authorization (user email and password are required). After that, one cookie is used to navigate through all of the client's sites (domains); this is cookie-based authentication. The client's services are business-critical, so restricting access to the site and the choice of authorization method for the web applications are very important.

Cookie-Based Authentication uses the mechanism of passing Cookies in HTTP requests. In response to a client request, the server sends a Set-Cookie header that contains the name and value of the cookie, as well as additional attributes: expires, domain, path, secure, httponly. An example of sending a cookie:
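The Python code below is an added example, not part of the original article: it parses a Set-Cookie header and reports which of the attributes named above are missing or widely scoped. The cookie name, value and example.com hosts are constructed, and the `audit_set_cookie` helper is hypothetical.

```python
from http.cookies import SimpleCookie

# Constructed sample headers (hypothetical cookie name, value and hosts).
WEAK = "session=abc123; Domain=.example.com; Path=/"
HARDENED = ("session=abc123; Domain=dashboard.example.com; Path=/; "
            "Expires=Wed, 01 Jan 2030 00:00:00 GMT; Secure; HttpOnly")


def audit_set_cookie(header, request_host):
    """Return (cookie_name, issue) pairs for one Set-Cookie header value.

    Issues reported:
      no-secure      cookie may be sent over unencrypted HTTP
      no-httponly    cookie is readable by scripts running in the page
      parent-domain  Domain names a parent of the issuing host, so the
                     cookie is sent to every subdomain under that parent
    """
    jar = SimpleCookie()
    jar.load(header)
    host = request_host.lower()
    findings = []
    for name, morsel in jar.items():
        # Flag attributes parse to True when present, "" when absent.
        if not morsel["secure"]:
            findings.append((name, "no-secure"))
        if not morsel["httponly"]:
            findings.append((name, "no-httponly"))
        # A leading dot in Domain is ignored by browsers, so strip it.
        domain = morsel["domain"].lstrip(".").lower()
        if domain and host.endswith("." + domain):
            findings.append((name, "parent-domain"))
    return findings


if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_set_cookie(header, "dashboard.example.com"))
```

A `parent-domain` finding is expected when one cookie is deliberately shared across all of a client's sites; it marks the scope that then has to be protected by the other attributes.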