I heard that handling web-server sessions may no longer be necessary. As a developer, I'd be delighted not to have to manage sessions, especially on scaled systems that require session handling across many instances.
JSON Web Tokens can enable session-less requests. Here are links to review.
- https://www.codeschool.com/blog/2014/02/03/token-based-authentication-rails/
- https://float-middle.com/json-web-tokens-jwt-vs-sessions/
- https://www.sitepoint.com/introduction-to-using-jwt-in-rails/
- https://scotch.io/tutorials/the-anatomy-of-a-json-web-token
- https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
- https://developer.atlassian.com/static/connect/docs/latest/concepts/understanding-jwt.html
- https://jwt.io/introduction/
- https://tools.ietf.org/html/rfc7519