Ask HN: Should I associate session data with an access token? Trying to figure out a best practice here. My REST API is working well, but there is one small piece of data (other than the authenticated user) that I need to just persist for the life of a client session. I figured since the client is passing an auth header with every request anyway, it would be a good idea to associate this information with the respective auth token. Are there any design considerations I should contemplate before implementing this? |