1
00:00:02,060 --> 00:00:05,010
And that is it for this course section.

2
00:00:05,010 --> 00:00:08,580
You learned that authentication is all about protecting

3
00:00:08,580 --> 00:00:12,680
certain areas, certain pages on your website, for example,

4
00:00:12,680 --> 00:00:16,580
or avoiding certain actions that can be taken by the user.

5
00:00:16,580 --> 00:00:20,150
And that it's a multi-step process where you need to allow

6
00:00:20,150 --> 00:00:23,450
users to create accounts and then log in.

7
00:00:23,450 --> 00:00:27,120
But where then most importantly, you need to store

8
00:00:27,120 --> 00:00:31,040
on the server whether a given user is allowed

9
00:00:31,040 --> 00:00:33,800
to access certain resources or not.

10
00:00:33,800 --> 00:00:35,990
And that is what we typically implement

11
00:00:35,990 --> 00:00:40,290
with help of sessions and cookies as shown on this slide.

12
00:00:40,290 --> 00:00:44,470
Where we validate credentials, then store some

13
00:00:44,470 --> 00:00:47,650
"you are authenticated" data in a session

14
00:00:47,650 --> 00:00:50,670
on the server, for example, in a database.

15
00:00:50,670 --> 00:00:52,520
And where we then send back a cookie

16
00:00:52,520 --> 00:00:54,690
with that session ID to the client

17
00:00:54,690 --> 00:00:58,300
so that the client, the browser, is able to store that cookie

18
00:00:58,300 --> 00:01:01,040
and send it along with future requests

19
00:01:01,040 --> 00:01:04,150
so that we then know which session belongs to this client.

20
00:01:04,150 --> 00:01:06,350
And we can then look into the session

21
00:01:06,350 --> 00:01:10,770
to find out whether that user is authenticated or not.

22
00:01:10,770 --> 00:01:14,770
And we did learn that both sessions and cookies can be used

23
00:01:14,770 --> 00:01:18,620
outside of the authentication scope as well.

24
00:01:18,620 --> 00:01:21,580
That's a very prominent and useful scenario

25
00:01:21,580 --> 00:01:24,230
where you do use sessions and cookies.

26
00:01:24,230 --> 00:01:27,300
But you can use cookies for other things as well.

27
00:01:27,300 --> 00:01:29,020
In the end, you just set a cookie

28
00:01:29,020 --> 00:01:31,330
by sending back the appropriate header,

29
00:01:31,330 --> 00:01:34,110
as you saw with the Set-Cookie header,

30
00:01:34,110 --> 00:01:37,590
and you can also use sessions for other things.

31
00:01:37,590 --> 00:01:42,000
Like I did before for flashing this input information

32
00:01:42,000 --> 00:01:44,370
and this error onto a session

33
00:01:44,370 --> 00:01:47,370
so that when we redirect back to the signup page,

34
00:01:47,370 --> 00:01:49,540
we can show this error message

35
00:01:49,540 --> 00:01:53,720
and we can pre-populate those input fields, but only once.

36
00:01:53,720 --> 00:01:56,713
So you can always use sessions for things like that.

37
00:01:57,730 --> 00:01:58,930
And last but not least,

38
00:01:58,930 --> 00:02:01,800
you learned about the difference between authentication

39
00:02:01,800 --> 00:02:05,710
and authorization that you might be authenticated

40
00:02:05,710 --> 00:02:09,050
and you still might not be allowed to view all the data

41
00:02:09,050 --> 00:02:12,200
and all the pages on a given website.

42
00:02:12,200 --> 00:02:15,800
Now we are going to see and practice authentication again,

43
00:02:15,800 --> 00:02:18,463
when we later build this complete online shop.

