What is the principle behind session login authentication?

The principle of Session authentication is to create a unique Session ID for a user after they successfully log in, and to store this ID along with the user’s login status on the server. The server sends the Session ID to the client’s browser by setting an HTTP header field called “Set-Cookie” in the response.

The client browser will save the Session ID in a Cookie once it receives it. When the client sends another request to the server, it will automatically send the saved Session ID via the Cookie. The server will then use the received Session ID to look up the corresponding Session information to determine the user’s login status.

By using this method, the server can verify the user’s identity on each request from the client, maintain the user’s login status, and provide personalized services. Furthermore, because the Session ID exists only in the client’s cookie, Session login authentication offers a higher level of security than storing the user’s login information in URL parameters or request bodies.
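
The login, lookup and logout steps described above, as an added Python example that is not from the original page. The cookie name `session_id`, the in-memory `SESSIONS` store, the sample user and the `HttpOnly`, `Secure` and `SameSite` cookie attributes are assumptions of this example.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

# Constructed demo data: a real application would verify a salted password hash.
USERS = {"alice": "correct horse battery staple"}
SESSIONS = {}  # server-side store: Session ID -> login state
COOKIE_NAME = "session_id"  # assumed cookie name


def login(username, password):
    """Return the Set-Cookie header value on success, or None on failure."""
    expected = USERS.get(username)
    if expected is None or not hmac.compare_digest(
        expected.encode(), password.encode()
    ):
        return None
    session_id = secrets.token_urlsafe(32)  # unguessable random ID
    SESSIONS[session_id] = {"user": username, "logged_in": True}
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = session_id
    cookie[COOKIE_NAME]["httponly"] = True   # not readable by page scripts
    cookie[COOKIE_NAME]["secure"] = True     # sent over HTTPS only
    cookie[COOKIE_NAME]["samesite"] = "Lax"  # limits cross-site sending
    cookie[COOKIE_NAME]["path"] = "/"
    return cookie[COOKIE_NAME].OutputString()


def _session_id_from(cookie_header):
    """Extract the Session ID from a Cookie request header, if present."""
    cookie = SimpleCookie()
    cookie.load(cookie_header or "")
    morsel = cookie.get(COOKIE_NAME)
    return morsel.value if morsel else None


def current_user(cookie_header):
    """Map the Cookie request header back to a logged-in user, or None."""
    session = SESSIONS.get(_session_id_from(cookie_header))
    return session["user"] if session and session["logged_in"] else None


def logout(cookie_header):
    """Delete the server-side record so the Session ID stops working."""
    SESSIONS.pop(_session_id_from(cookie_header), None)
```

Because the login state lives on the server, deleting the record in `logout` invalidates the Session ID even if the browser still holds the cookie.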
