Aplikasi modern nggunakake macem-macem mekanisme autentikasi — berbasis session, berbasis token (JWT), lan autentikasi delegasi (OAuth/OpenID Connect). Mangerteni kepiye saben-saben bisa nggenah, lan trade-off-e, penting banget kanggo implementasi autentikasi sing aman.
Autentikasi berbasis session
SESSION-based (traditional):
→ user logs in → server creates a SESSION (stored server-side) → sends a session ID
cookie → the browser sends it with each request → server looks up the session
✓ server controls sessions (easy to revoke); simple; cookie auto-sent
✗ stateful (server stores sessions); scaling needs shared session storage
