I am learning ReactJS and got started with authentication.
In one of the lectures, it was said that "server-side sessions are a great way of enabling authentication but they do require a tight coupling between backend and frontend."
Here is my understanding of server-side sessions:
- A user logs in through a form on the ReactJS front end.
- The credentials are sent to the backend server.
- Upon successful authentication, the backend generates a session token (which is stored on the server, mapped to the user ID or some other user credential) and sends it back to the front end.
- The front end includes this token in subsequent requests, allowing the back end to identify and authenticate the user.
Here is my understanding of tight coupling: Changes made to one component result in making changes to the other component. Here, components are dependent on one another and are less flexible.
I did not quite understand what they truly meant when they said "server-side auth results in tight coupling" and how said tight coupling can exist.
Is there a scenario out there where server-side sessions do create a tight coupling?
If so, then why is it a popular authentication mechanism and opted for by many?
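
The login flow listed in the question, sketched as an added example that is not part of the original post: a minimal in-memory server-side session store in Node.js. The names `login`, `authenticate`, `logout`, `SESSION_TTL_MS` and the sample user are assumptions made for illustration; it shows that the token is only an opaque lookup key, while the mapping to the user ID lives on the backend.

```javascript
// Added example: in-memory server-side session store (all names are hypothetical).
const crypto = require('node:crypto');

const SESSION_TTL_MS = 30 * 60 * 1000; // assumed 30-minute session lifetime

// Constructed sample user; the password is kept only as a salted scrypt hash.
const salt = crypto.randomBytes(16);
const users = new Map([
  ['alice', { id: 1, salt, hash: crypto.scryptSync('correct horse', salt, 32) }],
]);

// Server-side state: SHA-256(token) -> { userId, expires }.
// Storing a digest means a leaked session table does not yield usable tokens.
const sessions = new Map();
const digest = (token) => crypto.createHash('sha256').update(token).digest('hex');

// Credentials arrive at the backend; on success an opaque random token is minted.
function login(username, password, now = Date.now()) {
  const user = users.get(username);
  // Hash even for unknown users so timing does not reveal which names exist.
  const candidate = crypto.scryptSync(password, user ? user.salt : salt, 32);
  if (!user || !crypto.timingSafeEqual(candidate, user.hash)) return null;
  const token = crypto.randomBytes(32).toString('base64url');
  sessions.set(digest(token), { userId: user.id, expires: now + SESSION_TTL_MS });
  return token; // typically delivered as an HttpOnly, Secure cookie
}

// A later request presents the token; the backend resolves it to a user ID.
function authenticate(token, now = Date.now()) {
  const key = digest(String(token));
  const session = sessions.get(key);
  if (!session) return null;
  if (session.expires <= now) { sessions.delete(key); return null; }
  return session.userId;
}

// Logout revokes the session immediately because the server owns the state.
function logout(token) {
  return sessions.delete(digest(String(token)));
}
```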