The Secret Security Wiki

Stateless Cloud

What are Stateless Clouds?

Transmission via stateless protocols means that data is transmitted without either party retaining any information about the sender or receiver.

Thus, both are unaware of the “state” of the other.

The upside of clouds using stateless protocols is that they allow administrators to use the cloud without revealing credential information, reducing the risk of credential theft.

Additionally, because session data is stored on the client side instead of the user’s backend, stateless authentication is easy to scale.

How Do Stateless Clouds Work?

Instead of using sessions and stored user information for authentication, many stateless web applications use cryptographic tokens called JSON Web Tokens (JWTs). In a token-based application, when a browser or mobile client issues a request, the responding server creates a JWT with a secret and sends the JWT to the web client. The server then validates the JWT with every request from the client and sends a response.

The most important difference between stateful and stateless clouds is that the user’s state is not stored on the server, but inside the encrypted token on the client side. This saves the authenticating server resources by authenticating the client side instead of re-sending requests to the authentication server.
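The issue-and-validate flow described above, as an added example that is not part of the original wiki page: a minimal HS256 JWT built with the Python standard library, where the server keeps only the secret and checks algorithm, signature and expiry on every request. The secret, function names and claim values are assumptions constructed for illustration; an HS256 token is signed rather than encrypted, so its payload is readable by the client.

```python
import base64, hashlib, hmac, json, time

# Assumption: constructed demo key; a real deployment loads a random key from a secret store.
SECRET = b"constructed-demo-secret-not-for-production"

def b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> str:
    return b64e(hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest())

def issue_token(subject, ttl=300, now=None):
    """Login step: the user's state goes into the token, not a server-side session."""
    now = int(time.time() if now is None else now)
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = b64e(json.dumps({"sub": subject, "iat": now, "exp": now + ttl}).encode())
    return f"{header}.{claims}.{sign(header + '.' + claims)}"

def verify_token(token, now=None):
    """Per-request step: validate with the secret alone, no session lookup."""
    now = time.time() if now is None else now
    try:
        header_b64, claims_b64, signature = token.split(".")
        header = json.loads(b64d(header_b64))
    except ValueError:
        raise ValueError("malformed token")
    # Pin the algorithm server-side; never let the token choose it (e.g. "none").
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = sign(f"{header_b64}.{claims_b64}")
    # Constant-time comparison avoids leaking how many signature bytes matched.
    if not hmac.compare_digest(signature.encode(), expected.encode()):
        raise ValueError("bad signature")
    claims = json.loads(b64d(claims_b64))  # parsed only after the signature checks out
    if now >= claims["exp"]:
        raise ValueError("token expired")
    return claims
```

Because nothing is stored server-side, a token stays valid until `exp`; short lifetimes are the only built-in way to limit the impact of a stolen token in this design.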
