Authentication is about confirming that a user is who they claim to be. It is not the same as authorization.

Web dev auth

There are two main ways of doing auth:

Session auth is mostly preferred: the data is controlled on the server, which gives the developer more power.

For storing auth data, there are two options:

Yet with local storage, a single call to Object.entries(localStorage) can easily read all data in local storage, which makes it easy to steal sensitive data.

On the other hand, using cookies for sensitive information is vulnerable to CSRF.

Yet cookies offer a lot of security settings that local storage does not. Therefore, cookies are mostly used.