We all have doubts about what to use when implementing authentication at client side,whether I save the token I get from the server as cookie or should i use the local storage of browser. Here I will point out some of the differences between cookie and token. You can decide what fits more into your application.
Cookie
|
Token
|
Automatically included in all requests
|
We must manually include in the requests
|
Cookie is unique to each domain. We have different cookies for
amazon, eBay, google etc.
|
We can send token to any domain
|
Requset:
Headers
Cookie:{}
Body{
Name:’ABc’
}
|
Requset:
Headers
Authorization:’adbdghgber495yjfkhjhl’
Body{
Name:’AB’
}
|
Cookies bring state to stateless http protocol
|