API Documentation
Lectures 38 • 40 slides
Narration
Lecture 38 Slide 1: Deep Dive into Authentication and Authorization (Session/JWT)
mindmap
  root((Authentication and Authorization))
    Session-based
      State kept on the server
      Uses cookies
      Can be invalidated immediately
    Token-based
      JWT
      Stateless
      Scalable
    Security
      XSS countermeasures
      CSRF countermeasures
Course Overview
- Understand in depth how authentication and authorization work
- Differences between session-based and token-based authentication
Learning Content of Lecture 38
- How session-based authentication works
- Structure and usage of JWT (JSON Web Token)
- Access tokens and refresh tokens
- Where tokens are stored and the security implications
Review of the Previous Lecture
- Lecture 37: Validation and Sanitization
- Secure data handling through input validation and sanitization
1/40