Three terms that get mixed up constantly — and a clear guide to what each one actually does. When I first started building login systems, I was drowning in terminology. Sessions. Cookies. Tokens. JWT. Stateful. Stateless. Every tutorial used different words for what seemed like the same thing, and I couldn't figure out how the pieces fit together. Here's what finally cleared the confusion: cookies, sessions, and JWTs are not the same category of thing. Comparing them is like comparing "envelopes," "letters," and "email" — they're related, but they serve different purposes. A cookie is a transport mechanism — it carries data between client and server A session is a server-side record of who you are A JWT is a self-contained token that proves who you are Once I understood what each one actually is , the authentication strategies built on top of them made perfect sense. Let me explain it the way it clicked for me in the ChaiCode Web Dev Cohort 2026. What Are Cookies?…