Authentication Token vs Cookies - Session Authentication

Question

I am quite confused which is more safe Authentication Token vs Cookies - Session Authentication

While searching on the net I found Authentication Token is more fast & secure to use.

But what I conclude that Cookies - Session Authentication is more safer because Session is create on the server which is secure and no client side user get access to it.

while Authentication Token is simply work on the hash string, stores on client side. Anybody can access the string and copy the string and make the further request from other system If the token is not expired.

Is Access token really work If I copy the string from one system and run on other system.

I am so confused, Can anybody correct me here.

Possible duplicate of https://stackoverflow.com/questions/17000835/token-authentication-vs-cookies — laylaylom, Apr 09 '18 at 19:51

score 0 · Answer 1 · answered Dec 30 '17 at 17:33

I don't think you have read carefully. Note that cookies are saved in client's side (eg. browser). So, if someone put a little effort and manipulate the cookie, he/she can easily use that cookie info to access the server or what ever; you get the point.

Authentication Token vs Cookies - Session Authentication

1 Answers1