When trying to design for stateless services one finds it easy to reduce the information stored in an http session but for one piece: whether the client has authenticated against the server or not. Usually you would implement a proccess for authenticating like this: Client submits credentials (login / password) to the server Server checks … Continue reading Stateless user sessions with encrypted session IDs →