Cookie session token

Exchange your username and password for cookie containing the session Id

The Cookie is only the medium used to transport the session Id,and it used because it is convenient

服务器保存session Id, 你保存cookie中的session id 在文件中,Id 是随机生成的,当登出后,服务器删除id, 并指示将客户端的id也删除,这就是 cookie-based Authentication

Tokens tend not to need a session on the server but they may have one in the case jwt token, it contains the session information as well, so it contains actual data about you as user.

Most of time tokens are being sent using HTTP headers and not cookies. The reason is nowadays many interactions happened outside of browsers

AddAuthentication adds the auth services whereas UseAuthenticationadds the .NET Core’s authentication middleware to the pipeline.

If you have your own custom middleware, you don’t need UseAuthentication