Not to be confused with JWT auth, per se. Even though, cookies are the most common way for token-JWT auth. Here is more on Cookies themselve.
Also, Session Auth often uses cookies too. Yet, the difference between session-based and cookie-based is that in session-based auth, the cookie is used to store a session identifier. This identifier matches a session in the session storage of the server.
Token based (or JWT) auth is by definition stateless. For this
Advantages over Session Auth:
- No separate storage needed
- Scaling client and server is easy
Disadvantages:
- Invalidation of JWTs is not easy
- In theory, more complicated