How Websites Remember You (Cookies, Sessions, and Tokens)
🍪 Cookies – The Tiny Notes in Your Browser
Imagine you walk into a candy store, and the person at the counter gives you a small name tag sticker that says “Hi, I’m Alex!” You stick it to your shirt. The next time you walk in, they look at your sticker and go, “Hey Alex, welcome back! Your favorite candy’s in stock!”
That’s kind of how cookies work.
Cookies are tiny pieces of data that websites store in your browser. They help sites remember stuff like:
- Your login info
- What’s in your shopping cart
- Your preferences (dark mode, language, etc.)
The browser sends these cookies back to the website each time you visit, so the site “remembers” you.
🧼 Sessions – The Locker at the Front Desk
Now picture this: instead of giving you a name tag, the candy store gives you a locker key when you first arrive. You put your backpack inside, and the store keeps it safe for you. Every time you come back, you give them your locker key, and they hand you your stuff.
That’s what a session is like.
With sessions:
- The website stores your information on its own server
- You get a special ID (usually saved in a cookie)
- That ID is your “key” to access your stored info while you browse
Sessions are usually temporary — they last while you’re on the site, or until you log out.
🛡️ Tokens – The Secret Passcode
Now imagine the store gives you a magic passcode that proves who you are. Every time you want to buy something or access a special area, you show your passcode. The store doesn’t remember your name or hold your backpack — it just checks if the passcode is valid.
That’s a token.
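Tokens are used a lot in modern web apps and APIs, especially JWTs (JSON Web Tokens):
- JWTs carry info inside the token itself, protected by a signature so the site can tell if anything was changed (the contents are signed, not hidden, so anyone holding the token can read them)
- They’re usually sent in headers, not cookies
- Great for mobile apps and secure systems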
Unlike sessions, tokens don’t need to be stored on the server — they work more like a self-contained ID card.
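To make the locker key versus ID card difference concrete, here is an added example (not part of the original post) that issues and checks both a server-side session and a JWT-style signed token using only the Python standard library. All function names, the in-memory `SESSIONS` store and the randomly generated `SECRET` are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)   # server-side signing key (constructed for this example)
SESSIONS = {}                      # session store: the "lockers" kept on the server

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def start_session(user: str) -> str:
    """Session: data stays on the server, the browser only gets a random ID."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user}
    return sid

def load_session(sid: str):
    return SESSIONS.get(sid)       # unknown or logged-out ID -> None

def issue_token(user: str, ttl: int = 900, now=None) -> str:
    """Token: the claims travel inside the token, protected by an HMAC signature."""
    now = int(time.time()) if now is None else now
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64u(json.dumps({"sub": user, "exp": now + ttl}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64u(sig)}"

def verify_token(token: str, now=None):
    """Return the claims if signature and expiry check out, else None."""
    now = int(time.time()) if now is None else now
    try:
        header, payload, sig = token.split(".")
        expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64u_dec(sig)):
            return None            # payload or signature was altered
        if json.loads(b64u_dec(header)).get("alg") != "HS256":
            return None            # only accept the algorithm we issue
        claims = json.loads(b64u_dec(payload))
    except (ValueError, TypeError, AttributeError):
        return None                # malformed token
    return claims if claims.get("exp", 0) > now else None

def peek_claims(token: str) -> dict:
    """Anyone can decode the payload without the key: signed is not encrypted."""
    return json.loads(b64u_dec(token.split(".")[1]))
```

The session lookup needs the server's store, while the token check needs only the key; a real application would use a maintained JWT library rather than hand-rolled verification.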
🧠 So… How Do Websites Remember You?
- Cookies = Little notes your browser carries around
- Sessions = Info stored by the website; you hold a locker key
- Tokens = A smart ID card you show every time
They all help websites know:
- Who you are
- If you’re logged in
- What you’re doing on the site
✅ Quick Summary
| Method | Stored Where? | Best For | Stays Logged In? |
|---|---|---|---|
| Cookies | In your browser | Preferences, small info | Sometimes |
| Sessions | On the server | Logins, carts, user data | Until logout |
| Tokens | In the browser or app | APIs, mobile apps, security | Yes (until token expires) |