I am new to server side development and I am trying to build an API service in Ktor.
I do not understand the difference between Session and Principal. It seems from examples I have found, session and principal objects are both used to store information regarding a caller, such as their userId etc.
Why does Principal exist if Session achieves the same goal? What am I missing ?
Principal represents user identification, a credential's owner. It could be a user id, name or something.
A session is representing a user session, user interaction session on the particular device. There could be no user information in session. For example, you can have anonymous sessions without logins.
On the other hand, if a user is using your service from different devices, it will have multiple sessions but the user will be the same.