[anon1252]

> Cookies are special headers added to HTTP requests to store state.

The topic is more about session VS JWT, not cookies vs whatever local storage is used in place of cookies.

[manigandham]

"Session" does not mean anything. It is state, usually stored and sent in cookies, but just as easily stored and sent as JWTs/Auth.

[anon1252]

Yes it does mean something. a session is something that is identified by an ID on the client and is persisted on the server with the corresponding ID. It's a concept. It doesn't have to be stored in a cookie. A session can be represented by a token and stored in any client side storage.

[manigandham]

Ok, yes, session is a concept. Session state can be stored in its entirety or split between an ID and body.

You can send it all to the client or you can send just an ID and lookup the body on the server.

You can send it to the client via the cookie header or via the Authorization header or something else.

You can encode the data (sent via cookies or auth header) as a JWT or your own encryption scheme.

These are all different technologies working at different layers, which is why comparing JWTs vs cookies vs sessions doesn't really make sense.

[anon1252]

> Ok, yes, session is a concept. Session state can be stored in its entirety or split between an ID and body.

the storage of session has absolutely nothing to do with the session. I'm not sure why you keep talking about Cookies it has nothing to do with the problem. JWT can be persisted with cookies as well.

[manigandham]

Yes, my original and last comments already said exactly that... I'm not sure what you're arguing at this point.