Sahn Lam
Mar 24 · 8 tweets · 2 min read
1. Session, Cookie, JWT, Token, SSO, and OAuth 2.0 - here's what you need to know

These terms are essential for identifying, authenticating, and authorizing users online. Let's dive in👇
2. WWW-Authenticate

🔹 Oldest & most basic method
🔹 Browser asks for username & password
🔹 Lacks control over login life cycle
🔹 Rarely used today
3. Session-Cookie

🔹 Server maintains session storage
🔹 Browser keeps session ID
🔹 Works mainly with browsers, not mobile app friendly
4. Token

🔹 Compatible with mobile apps
🔹 Client sends token to server for validation
5. JWT (JSON Web Token)

🔹 Standard representation of tokens
🔹 Digitally signed & verifiable
🔹 No need to save session info server-side
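The contrast between the session-cookie model (tweets 3) and a signed JWT (tweet 5), as an added example that is not part of the original thread: a server-side session store that keeps state and can revoke a session on the spot, next to a minimal HS256 JWT mint/verify built on the Python standard library only. The signing key, claims and TTL values are constructed for the demo; the verifier pins the algorithm, checks the signature with a constant-time compare, and rejects expired tokens.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional

# Constructed demo key; a real service loads this from a secret store.
SECRET_KEY = b"demo-signing-key-not-for-production"


def b64url_encode(data: bytes) -> str:
    """Base64url without padding, as JWT (RFC 7515) requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Reverse of b64url_encode: restore padding, then decode."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_jwt(claims: dict, key: bytes = SECRET_KEY) -> str:
    """Build header.payload.signature with HMAC-SHA256 over the first two parts."""
    header = {"alg": "HS256", "typ": "JWT"}
    compact = {"separators": (",", ":")}
    signing_input = (
        b64url_encode(json.dumps(header, **compact).encode("utf-8"))
        + "."
        + b64url_encode(json.dumps(claims, **compact).encode("utf-8"))
    )
    sig = hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(sig)


def verify_jwt(token: str, key: bytes = SECRET_KEY, now: Optional[float] = None) -> Optional[dict]:
    """Return the claims if the token is authentic and unexpired, else None.

    Stateless: nothing about the token is looked up server-side, which is the
    JWT selling point and also why a token cannot be revoked before `exp`.
    """
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(header_b64))
        # Pin the algorithm server-side: the header is untrusted input until the
        # signature has been checked, so it must never choose how we verify.
        if not isinstance(header, dict) or header.get("alg") != "HS256":
            return None
        signing_input = f"{header_b64}.{payload_b64}".encode("ascii")
        expected = hmac.new(key, signing_input, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
            return None
        claims = json.loads(b64url_decode(payload_b64))
        if not isinstance(claims, dict) or "exp" not in claims:
            return None
        current = time.time() if now is None else now
        if current >= float(claims["exp"]):
            return None
    except (ValueError, TypeError):
        # Covers malformed structure, bad base64/JSON, non-numeric exp.
        return None
    return claims


class SessionStore:
    """Server-side session storage: the browser only holds an opaque random ID."""

    def __init__(self) -> None:
        self._sessions: dict = {}

    def create(self, user: str, ttl: int = 3600, now: Optional[float] = None) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        current = time.time() if now is None else now
        self._sessions[sid] = {"user": user, "exp": current + ttl}
        return sid

    def lookup(self, sid: str, now: Optional[float] = None) -> Optional[str]:
        current = time.time() if now is None else now
        session = self._sessions.get(sid)
        if session is None or current >= session["exp"]:
            self._sessions.pop(sid, None)
            return None
        return session["user"]

    def revoke(self, sid: str) -> None:
        # Immediate logout: the state lives here, so deleting it ends the session.
        self._sessions.pop(sid, None)


if __name__ == "__main__":
    token = mint_jwt({"sub": "alice", "exp": int(time.time()) + 300})
    print("jwt claims:", verify_jwt(token))
    store = SessionStore()
    sid = store.create("bob")
    print("session user:", store.lookup(sid))
```

The two halves show the trade-off the thread points at: the session store needs shared server-side storage but can revoke instantly, while the JWT needs nothing stored but stays valid until `exp`, so keep token lifetimes short.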
6. SSO (Single Sign-On) & OAuth 2.0

🔹 SSO: Log in once, access multiple sites
🔹 Uses CAS (central authentication service)
🔹 OAuth 2.0: Authorize one site to access info on another
More from @sahnlam

Mar 22
1. A single character change led to a 3.3x performance boost at Segment's internal tracing storage infrastructure, TraceDB.

This is the story of how a tiny tweak made a massive impact. Keep reading to learn more! 🚀
2. TraceDB's sorting algorithm is designed to sort tracing spans by trace ID and flush them to disk in an LSM tree during compaction. But the team at Segment noticed it was too sluggish when handling incoming queries.
3. They discovered that it was only doing work on one CPU core while others were idle. Time for some root cause analysis!
Mar 21
8 key data structures that power modern databases. Which one is your favorite, and why?
My preference? Definitely B-tree and LSM tree.

There's no denying that these two are the backbone behind the most powerful relational and NoSQL databases out there.
We have a video on this topic, too.

Watch and subscribe:
Mar 18
Mind-blowing AI advancements this week!

Check out the highlights:
Monday:

Stanford announced the Alpaca 7B model. It's a fine-tuned model based on Meta's LLaMA. It performs similarly to ChatGPT but is lightweight enough to run on consumer devices. GPT-like models are getting cheaper and more accessible really fast.
Tuesday:

Google kicked off the day announcing the launch of AI features in GSuite, bringing GPT-like functionality to Docs and Gmail.
Mar 17
Have you ever wondered why Nginx is called a "reverse" proxy?

Check out this diagram to see the difference between a forward and reverse proxy. 🧵
A forward proxy, or just proxy, is a server that shields user devices from the internet.

Use it to:
1️⃣ Protect your online identity
2️⃣ Sidestep browsing restrictions
3️⃣ Block access to unwanted content
A reverse proxy server forwards requests to web servers and returns results as if it processed the request.

Use it to:
1️⃣ Shield against DDoS attacks
2️⃣ Load balancing
3️⃣ Cache static contents
4️⃣ Offload TLS termination
Mar 7
You loved my tweet on Stack Overflow's monolith. Now, let’s explore the opposite end of the spectrum: Netflix API architecture evolution.

Discover how Netflix API evolved through 4 stages.
1. Monolith

Like everyone else, Netflix started with a monolithic architecture where the entire application was packaged and deployed as a single entity.
2. Direct Access

To improve team autonomy and speed, the monolith was split into microservices. Each client made direct requests to the microservices. But with hundreds of them, exposing everything wasn't ideal.
Mar 5
1. Let's talk about a memorable challenge in running a massive online game years ago - the battle against DDoS attacks in online poker!
2. Why would anyone DDoS a poker game you might ask?

Here's one reason: to block anyone from sending continuation bets resulting in an automatic forfeit. The ill-gotten gains were then offloaded to a thriving black market.
3. So, how does a DDoS attack work?

The goal is to disrupt the normal flow of traffic to a service by sending a large volume of attack traffic from a network of compromised devices called a botnet.