When the information managed by an application is not meant to be public, a mechanism is required to verify that a user is allowed to see certain data; this is called authentication. The most common authentication method in web applications nowadays is the use of a username or identifier and a secret password combination.
HTTP is a stateless protocol, which means it treats all requests as unique and doesn't have a way of relating two as belonging to the same user, so the application also requires a way of distinguishing requests from different users and allowing them to perform tasks that may require a series of requests performed by the same user and multiple users connected at the same time. This is called session management. Session identifiers in cookies are the most used session management method in modern web applications, although bearer tokens (values...
