# 2003-GHP Cookie Jar: Cookies, Sessions, OAuth Put your pending and outstanding questions here 👇 Make the question in H2 tag by using '##' Example: ## What is JavaScript? ## What does the counter do…? Its different from id… right…? And looks like there is no key called id when I console log the req.session... ## Answer - The counter is supposed to keep track of the total number of requests per client. - `console.log(req.headers`)! and see what you find becaause I said that the `id` was sent in the headers in the lecture! :D ## So if there’s a kind of sketchy website and they offer you to login with your google/facebook/whatever account, you shouldn’t do it because they could potentially access and store your login info for that site? Or is the data they have access to controlled by the provider website? ## Answer The data they have access to is controlled by the provider website! ## What is the benefit of login through a provider? Just one less password to remember? (For the user) - One less password - You might not trust that website you're trying to create an account with The idea here is that the provider is the "trusted third party" to mediate! ## Question from the chat: Does user have access to client secret? No, the public and private secrets are for the consumer application. This is how we can prove who we (the consumer application) say we are to the provider