Session tokens
Session tokens are identifiers issued by a server to represent an authenticated user session. They enable a client to access multiple resources without re-authenticating on every request. Session tokens can be opaque, with the server storing session data and using the token as a key, or self-contained, such as JSON Web Tokens, which encode claims and can be validated cryptographically without a server lookup.
In typical deployments, a token is stored on the client and sent with each request, commonly via
Lifetimes for session tokens vary. Server-side sessions usually have a defined expiration and may be revoked centrally.
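The two token styles described above, with the expiration and central revocation just mentioned, as an added example that is not part of the original page. It assumes an in-memory session store and an HMAC-SHA256 tag standing in for a full JWT library; all function names are hypothetical.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)  # signing key for self-contained tokens (assumed HMAC-SHA256)
SESSIONS = {}                     # server-side store for opaque tokens (assumed in-memory)

def clock(now):
    return time.time() if now is None else now

def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_opaque(user, ttl=900, now=None):
    """Opaque token: a random key; the session data never leaves the server."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"sub": user, "exp": clock(now) + ttl}
    return token

def check_opaque(token, now=None):
    entry = SESSIONS.get(token)
    if entry is None or entry["exp"] <= clock(now):
        SESSIONS.pop(token, None)  # unknown or expired: make sure no entry remains
        return None
    return entry["sub"]

def revoke_opaque(token):
    """Central revocation: deleting the entry invalidates the token immediately."""
    SESSIONS.pop(token, None)

def issue_signed(user, ttl=900, now=None):
    """Self-contained token: encoded claims plus an integrity tag, no server state."""
    body = b64e(json.dumps({"sub": user, "exp": clock(now) + ttl}).encode())
    tag = b64e(hmac.new(SECRET, body.encode(), hashlib.sha256).digest())
    return body + "." + tag

def check_signed(token, now=None):
    """Validate the tag in constant time, then the expiry, without any lookup."""
    try:
        body, tag = token.split(".")
        expected = hmac.new(SECRET, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, b64d(tag)):
            return None
        claims = json.loads(b64d(body))
    except ValueError:  # wrong shape, bad base64 or bad JSON
        return None
    return claims["sub"] if claims["exp"] > clock(now) else None
```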
Compared to purely server-stored sessions, stateless tokens reduce server load but require careful handling to support