Hello readers 👋, welcome to the 15th blog in our Node.js series! In our previous posts, we built a REST API, learned how to protect routes with JWT, and explored middleware and file uploads. Authentication has come up several times, but today we’re going to take a step back and look at the bigger picture.

We’ll compare three pillars of authentication in web applications: sessions, JSON Web Tokens (JWT), and cookies. If you’ve ever been confused about when to use a session-based login, when to reach for a JWT, or where cookies fit into all this, this post will clear things up. We’ll keep it practical, avoid deep security rabbit holes, and end with a decision framework you can apply to your next project. Let’s get started.

What are cookies?

Cookies are small pieces of data stored on the client (browser) by the server via the Set-Cookie header. They are automatically sent back to the server with every subsequent request to the same domain.…
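
To make the Set-Cookie round trip concrete, here is an added example (not code from the original post) that serializes a cookie, reduces it to what the browser sends back, and parses it on the server. The function names and sample values are hypothetical, and the `HttpOnly`, `Secure` and `SameSite` defaults are an assumption about how you would want a login cookie configured.

```javascript
// Added example: function names and sample values are constructed for illustration.

// Serialize a cookie the way a server places it in a Set-Cookie response header.
function buildSetCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`];
  if (opts.maxAge !== undefined) parts.push(`Max-Age=${opts.maxAge}`);
  parts.push(`Path=${opts.path || '/'}`);
  if (opts.httpOnly !== false) parts.push('HttpOnly'); // not readable via document.cookie
  if (opts.secure !== false) parts.push('Secure');     // only sent over HTTPS
  parts.push(`SameSite=${opts.sameSite || 'Lax'}`);    // limits cross-site sends
  return parts.join('; ');
}

// What the browser sends back in the Cookie request header:
// only the name=value pairs, never the attributes.
function toCookieRequestHeader(setCookieHeaders) {
  return setCookieHeaders.map((h) => h.split(';')[0].trim()).join('; ');
}

// Parse the Cookie request header on the server side.
function parseCookieHeader(header) {
  const jar = Object.create(null);      // no prototype, so "__proto__" is just a key
  for (const pair of (header || '').split(';')) {
    const idx = pair.indexOf('=');
    if (idx < 1) continue;              // skip empty or malformed pairs
    const key = pair.slice(0, idx).trim();
    const raw = pair.slice(idx + 1).trim();
    if (!key || key in jar) continue;   // first occurrence of a name wins
    try { jar[key] = decodeURIComponent(raw); } catch { jar[key] = raw; }
  }
  return jar;
}

// Constructed round trip: server sets two cookies, browser echoes them back.
const sent = [
  buildSetCookie('sid', 'a b;c=d', { maxAge: 3600 }),
  buildSetCookie('theme', 'dark', { httpOnly: false }),
];
console.log(sent);
console.log(parseCookieHeader(toCookieRequestHeader(sent)));
```

Because the attributes never come back in the request, the server cannot tell from the Cookie header whether a value was originally set with `HttpOnly` or `Secure`; those flags only constrain the browser.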