What is it
Used for authorization
Authentication vs Authorization
Authentication
- "login by x user" with user name and password
Authorization
- post-login, identifying "requests are by x user"
Authorization
Session (cookie) to store user temporarily
- maintained by server, sent to client
SessionID is sent every time with request to server