COOKIE & HTTP SESSION
HTML5 addition that adds a key/value store to browsers and cookies
Some examples of scaling stateful sessions:
- Once you run multiple backend processes on a server: A Redis daemon (on that server) for session storage.
- Once you run on multiple servers: A dedicated server running Redis just for session storage.
- Once you run on multiple servers, in multiple clusters: Sticky sessions.
- Stateless JWT: A JWT token that contains the session data, encoded directly into the token.
- Stateful JWT: A JWT token that contains just a reference or ID for the session. The session data is stored server-side.
- Session token/cookie: A standard (optionally signed) session ID, like web frameworks have been using for a long time. The session data is stored server-side.
Stop using JWT for sessions: http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/
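The three token types listed above, side by side, as an added example (not code from the linked article or from any framework). It shows where the session data lives in each case and what a logout can and cannot undo. Assumptions: HS256 with a demo key, an in-memory dict standing in for Redis, and hypothetical function names throughout.

```python
import base64, hashlib, hmac, json, secrets, time
SECRET = secrets.token_bytes(32)  # demo HS256 key (assumption), held only by the server
STORE = {}                        # stands in for Redis: session ID -> session data

def b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign(message):
    return b64e(hmac.new(SECRET, message.encode(), hashlib.sha256).digest())

def issue_stateless(data, ttl=900):
    """Stateless JWT: the session data itself is encoded into the token."""
    header = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64e(json.dumps({**data, "exp": int(time.time()) + ttl}).encode())
    return f"{header}.{payload}.{sign(header + '.' + payload)}"

def read_stateless(token):
    """Verify signature, then expiry. The algorithm is fixed, not taken from the header."""
    try:
        header, payload, sig = token.split(".")
        if not hmac.compare_digest(sig.encode(), sign(f"{header}.{payload}").encode()):
            return None
        claims = json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
    except ValueError:
        return None
    return claims if claims.get("exp", 0) > time.time() else None

def issue_session(data):
    """Session token: an opaque random ID; the data stays in the server-side store."""
    sid = secrets.token_urlsafe(32)
    STORE[sid] = dict(data)
    return sid

def read_session(sid):
    return STORE.get(sid)

def read_stateful_jwt(token):
    """Stateful JWT: the token carries only the session ID; data is looked up server-side."""
    return read_session((read_stateless(token) or {}).get("sid"))

def logout_session(sid):
    STORE.pop(sid, None)  # deleting the record ends the session on the next request

def demo():
    user = {"user": "alice", "role": "admin"}  # constructed sample session data
    jwt, sid = issue_stateless(user), issue_session(user)
    sjwt = issue_stateless({"sid": sid})
    logout_session(sid)  # the stateless JWT below still verifies until its "exp"
    return read_stateless(jwt), read_session(sid), read_stateful_jwt(sjwt)
```

`demo()` returns the still-valid claims for the stateless JWT and `None` for both server-backed variants, since only those depend on a record the server can delete.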