Sessions
Create table in DB like this.
You give that session id to the client (preferably in an httpOnly cookie) and every time they make an API call they send that id.
On every request you need to validate the id by fetching it from the DB. To offset some of the inefficiency of having to query the DB every time, Redis or another cache DB is commonly used.
advantages
- can be modified at any time server side. This makes implementing a few things easier compared to JWT (like limiting concurrent logins and "sign out everywhere")
- big list of DB adapters.
disadvantages
- Database sessions need a roundtrip to your database, so they might be slower at scale unless your connections/databases are accommodated for it
- Many database adapters are not yet compatible with the Edge, which would allow faster and cheaper session retrieval
- Setting up a database takes more effort and requires extra services to manage compared to the stateless JWT strategy
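The session flow described above (issue an id, validate it on every request, revoke it server side), as an added example that is not from the original page. An in-memory `Map` stands in for the sessions table or Redis cache, and the function names, the two-session limit and the 30-minute lifetime are assumptions.

```javascript
// Added example: the Map below stands in for the sessions table / cache DB.
const { randomBytes, createHash } = require('node:crypto');

const MAX_SESSIONS_PER_USER = 2;        // assumed concurrent-login policy
const SESSION_TTL_MS = 30 * 60 * 1000;  // assumed 30-minute lifetime
const sessions = new Map();             // sha256(session id) -> row

// Store only a hash of the id, so a leaked table cannot be replayed as cookies.
const hashId = (id) => createHash('sha256').update(id).digest('hex');

function createSession(userId, now = Date.now()) {
  // Limit concurrent logins: evict this user's oldest sessions first.
  const mine = [...sessions.entries()]
    .filter(([, row]) => row.userId === userId)
    .sort((a, b) => a[1].createdAt - b[1].createdAt);
  while (mine.length >= MAX_SESSIONS_PER_USER) sessions.delete(mine.shift()[0]);

  const id = randomBytes(32).toString('hex'); // 256-bit unguessable id
  sessions.set(hashId(id), { userId, createdAt: now, expiresAt: now + SESSION_TTL_MS });
  // The raw id goes to the client, e.g. Set-Cookie: sid=<id>; HttpOnly; Secure
  return id;
}

// Runs on every API request with the id taken from the cookie.
function validateSession(id, now = Date.now()) {
  if (typeof id !== 'string') return null;
  const key = hashId(id);
  const row = sessions.get(key);
  if (!row) return null;                 // unknown or already revoked
  if (row.expiresAt <= now) {            // expired: clean up and reject
    sessions.delete(key);
    return null;
  }
  return row.userId;
}

// "Sign out everywhere": drop every row for the user; takes effect immediately.
function signOutEverywhere(userId) {
  let removed = 0;
  for (const [key, row] of sessions) {
    if (row.userId === userId) { sessions.delete(key); removed++; }
  }
  return removed;
}
```

With a real database the same three operations become an insert, a lookup by hashed id, and a delete by user id.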