What is the HTTP, HTTPS, SSL, TLS, Cookies, Sessions, and Tokens? | Difference |Explained



HTTP stands for Hypertext Transfer Protocol. Hypertext is essentially the content you are viewing in your web browser, and it is a method of transferring that between a server, a web server on the internet into you, into your browser. In HTTP we have two concepts: -

  1. Client and
  2. Server.

The client is any user with a computer and internet connection trying to get some information from the server which is requesting information.

 Then the Server searches for information and responds back to the client.

This request and response make a cycle which is called Client-Server Model.

A request of two types that gets and post request. For example, when you’re watching a video on YouTube, a Web browser is a client and YouTube is a server.

HTTP is also called a stateless protocol because each request is executed independently, that is without any knowledge of the request executed before it. When you roll dice every time you get a new number that is a good example of the HTTP request.

HTTP sends communication between server and browser in the clear, it is not encrypted between you and the web server.

HTTP works on TCP (Transmission Control Protocol). HTTP works on the application layer of the OSI (Open System Interaction) model.

HTTP requests are generated by a user’s browser as the user interacts with web properties. For example, when a user clicks a link on a web.



HTTPS stands for Hypertext Transfer Protocol Secure. HTTPS has the same Client-Server Model that exists here, but the difference is both Client and Server have KEYS.

HTTPS encrypts that transmission to and from a server. A result from HTTPS is more secured than results from HTTP.

HTTPS uses TLS (SSL) to encrypt HTTP requests and responses.

SSL stands for Secure Socket Layer. It is a security protocol that provides privacy, authentication, and integrity to internet communications.

TLS stands for Transport Layer Security.

A website that uses HTTP has http:// in its URL, while the website that uses HTTPS has https:// in its URL.

www is about communication between the web, clients, and servers. Communication between client computers and web servers is done by sending HTTP requests and responses.


Sessions and Cookies are used when we want to collect or store data from users. Example of cookies and session when you want to login to a shopping cart, since there is required for user interaction. Sessions and Cookies are fundamental staff that everybody should know it.

COOKIES are just small text files in your browsers as CACHE MEMORY. The maximum capacity of the cookies file is 4KB.


The client has stories of cookies and the Server have stories of sessions. Browser stores your cookies and Server stores your sessions, i.e. Session ID is randomly generated every time your login to the system or website when logout the randomly generated session ID is deleted from the server.

Generally, cookies are set using the HTTP headers, but browsers handle these types of headers differently.


Tokens involve in the authentication process for example when you want to access your Google account in a particular mobile app, you will first be asked to confirm it before you proceed. Tokens do not contain your username or password; hence you can trust them as authentication.

Tokens may contain session information. Using tokens many third parties are involved, hence many securities issues involved.

Tokens lifetime is limited, that is short lifetime. Tokens need to be refreshed or reformed for the next login session. Tokens are sent using HTTP headers and not cookies.


The difference between Cookie-Based and Token-Based authentication is, that Cookie-Based are on the internet (http://) in browsers BUT Token-based are used in Mobile Apps.

Other Recommended for you

  • .Firebase Realtime Database vs Firestore.
  • .What is an Intent in Android? Types of Intent
  • .What is Firebase?
  • .How to Get Number of Remaining Days Between Two Date in PHP