Both authenticate with username and password and both generate a temporary token, called session id in the case of the session-based authentication and token in the case of the token-based authentication.
The main difference is that session authentication is stateful, whereas token-based authentication is stateless. That means that the former can associate many information to the session, on the server side.
Normally token-based authentication doesn't use cookies, whereas session authentication usually uses cookies.
Copyright © 2013 Welcome to the website of Davis Fiore. All Rights Reserved.