HTTP Session Management

COOKIE & HTTP SESSION

HTML5 (Web Storage) adds a key/value store to browsers alongside cookies; unlike cookies, its contents are not sent automatically with every request.

stateful session

Some examples of scaling stateful sessions:

  • Once you run multiple backend processes on a server: a Redis daemon (on that server) for session storage.
  • Once you run on multiple servers: a dedicated server running Redis just for session storage.
  • Once you run on multiple servers, in multiple clusters: sticky sessions.

JWT session

  • Stateless JWT: A JWT token that contains the session data, encoded directly into the token.
  • Stateful JWT: A JWT token that contains just a reference or ID for the session. The session data is stored server-side.
  • Session token/cookie: A standard (optionally signed) session ID, like web frameworks have been using for a long time. The session data is stored server-side.
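The following is an added example (not code from the page or from the linked blog post) that puts the stateful session store from the scaling list and the stateless/stateful token split above side by side. A plain dict stands in for the Redis instance; the key, the `alice` claims and the timestamps are constructed values; the token format is a minimal HMAC-signed payload rather than a full JWT library. The point it demonstrates is the one the "stop using JWT for sessions" argument rests on: a server-side session can be revoked immediately, while a self-contained token stays valid until it expires because there is nothing on the server to delete.

```python
import base64
import binascii
import hashlib
import hmac
import json
import secrets
import time

# Constructed for this example: a per-process key used to sign stateless tokens.
SERVER_KEY = secrets.token_bytes(32)


class ServerSideSessionStore:
    """Stateful session: the browser holds only an opaque, random session ID.

    The dict stands in for the Redis instance described in the text; every
    backend process or server would talk to that shared store instead.
    """

    def __init__(self, ttl_seconds=3600):
        self._sessions = {}  # session_id -> (data, expiry timestamp)
        self.ttl = ttl_seconds

    def create(self, data, now=None):
        # 32 random bytes = 256 bits of entropy; the ID itself carries no meaning.
        sid = secrets.token_urlsafe(32)
        now = time.time() if now is None else now
        self._sessions[sid] = (dict(data), now + self.ttl)
        return sid

    def load(self, sid, now=None):
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        data, expires_at = entry
        now = time.time() if now is None else now
        if now >= expires_at:
            self._sessions.pop(sid, None)  # lazy expiry
            return None
        return dict(data)

    def revoke(self, sid):
        # Logout or forced invalidation: deleting the server record ends the session.
        self._sessions.pop(sid, None)


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_stateless_token(data, key=SERVER_KEY):
    """Stateless JWT-style token: payload plus HMAC-SHA256 tag, nothing kept server-side."""
    payload = _b64url(json.dumps(data, separators=(",", ":"), sort_keys=True).encode())
    tag = _b64url(hmac.new(key, payload.encode(), hashlib.sha256).digest())
    return f"{payload}.{tag}"


def verify_stateless_token(token, key=SERVER_KEY):
    """Return the payload dict if the tag verifies, otherwise None."""
    try:
        payload, tag = token.split(".")
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64url(tag), expected):
            return None
        return json.loads(_unb64url(payload))
    except (ValueError, binascii.Error, UnicodeDecodeError):
        return None


def compare_revocation():
    """Run both session styles through login, revocation, tampering and expiry."""
    store = ServerSideSessionStore(ttl_seconds=60)
    claims = {"user": "alice", "role": "user"}  # constructed sample session data
    sid = store.create(claims, now=1_000)
    token = issue_stateless_token(claims)

    result = {
        "stateful_valid": store.load(sid, now=1_001) == claims,
        "stateless_valid": verify_stateless_token(token) == claims,
    }
    # The user logs out: the server forgets the session record.
    store.revoke(sid)
    result["stateful_after_revoke"] = store.load(sid, now=1_002)
    # The stateless token still verifies: there is no server record to delete.
    result["stateless_after_revoke"] = verify_stateless_token(token) == claims

    # Integrity is not the problem: editing the payload without the key breaks the tag.
    _payload, tag = token.split(".")
    forged = _b64url(json.dumps({"user": "alice", "role": "admin"},
                                separators=(",", ":"), sort_keys=True).encode())
    result["forged_rejected"] = verify_stateless_token(f"{forged}.{tag}") is None

    # Stateful sessions also lapse on their own once the TTL passes.
    sid2 = store.create(claims, now=1_000)
    result["stateful_expired"] = store.load(sid2, now=1_060) is None
    return result


if __name__ == "__main__":
    print(compare_revocation())
```

Sticky sessions (the third scaling step) are a load-balancer setting rather than application code, so they are not shown here; the store above is what such a balancer would route each client back to.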

Stop using JWT for sessions http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/