Welcome to the website of Davis Fiore

Both authenticate with username and password and both generate a temporary token, called session id in the case of the session-based authentication and token in the case of the token-based authentication.

The main difference is that session authentication is stateful, whereas token-based authentication is stateless. That means that the former can associate many information to the session, on the server side.

Normally token-based authentication doesn't use cookies, whereas session authentication usually uses cookies.