Generally speaking, cookies, sessions, and tokens are different
2022-07-16 07:31:00 【Vision-wang】
1.Cookie
Cookies are saved in the browser.

The first stage: the Cookie stores the user's original user name and password. Every time the browser accesses the server, it sends the Cookie carrying the saved user name and password, and the server parses it and verifies whether the user name and password match. If they match, the user does not need to log in again. This is not very safe, though: if a hacker gets the complete Cookie, they get the complete user name and password.

The second stage: because storing the user's original user name and password in the Cookie is very unsafe, the server instead generates a unique SessionID and returns it to the browser. The browser's Cookie stores the SessionID, and the validity period of the Session is set as the expiration time of the Cookie. This removes the great danger of the Cookie exposing the complete information.

The third stage: the Cookie stores a Token. Compared with the second stage, this brings no improvement for the browser; the improvement is that storage becomes easier for the server.
2.Session
After the user's user name and password are verified successfully, the server generates a unique Session ID and an expiration time for that Session ID, and puts the Session in the database. When the expiration time is reached, the Session is cleared automatically.

Once the server has generated and saved the Session, how does the client hold it? The server sends the SessionID and its expiration time to the browser, and the browser handles them. This is the second stage of the Cookie described above.
3.Token
Sessions are relatively large. When there are many users, storing Sessions may put pressure on the server.

We therefore do not want the server to store so much Session data, and that is where the Token comes from. The server only needs to define a secret string, such as abcde. Each time a user logs in, the server uses the same abcde + the user name and password + an encryption algorithm to generate a signature. This signature is the Token. The server then sends the Token to the browser. The browser can store the Token in a Cookie or in Storage, and sends it with the next request. In this way, the server only needs to store abcde, which is easy.
4.JWT
JSON Web Token: JWT is a concrete implementation of Token.

Token itself does not specify the type of data transmitted, the encryption algorithm, or the format of the data the algorithm produces. It only abstracts the process of using a Token and the steps involved. For example, a Token can be a string, or an array of 6 by 18 bits, and so on.

JWT is one concrete implementation of Token. A JWT is saved on the client in an encrypted JSON form. The encryption algorithm is specified as one of three: HMAC [hash-based message authentication code (symmetric)], RSASSA [RSA signature algorithm (asymmetric)], and ECDSA [elliptic curve digital signature algorithm (asymmetric)]. The final data is also specified as three parts: the header (Header), the payload (Payload), and the signature (Signature).

After the user logs in, the server generates the JWT and sends it to the browser. The browser stores the complete Token, and the server only stores the secret used to sign the Token. The browser can store the Token in a Cookie or in Storage.