Session management : How to generate Authentication token for REST service ? (Jersey)

Asked by 无人共我 on 2020-12-07 08:51 (front-end, unresolved, 1 answer, 1307 views)

I am trying to implement session management in my REST service. I came to know these guidelines while surfing:

  1. Not using server-side sessions - it violates

1 answer

Answered 2020-12-07 09:35

For simplicity's sake, I generate my own authentication token using UUID before encrypting the entire token with Jasypt:

    import java.util.UUID;
    import org.jasypt.encryption.pbe.StandardPBEStringEncryptor;

    // Plaintext payload: random UUID | project-wide secret token | user name | creation time
    String key = UUID.randomUUID().toString().toUpperCase() +
            "|" + someImportantProjectToken +
            "|" + userName +
            "|" + creationDateTime;

    StandardPBEStringEncryptor jasypt = new StandardPBEStringEncryptor();

    ...  // encryptor configuration (algorithm, password) elided in the original answer
    jasypt.setPassword(encryptionPassword); // assumed: a PBE password must be set before encrypt() can be called

    // this is the authentication token user will send in order to use the web service
    String authenticationToken = jasypt.encrypt(key);

The key contains the creationDateTime so that I can use it to verify the time-to-live. This way, if the user uses the same authentication token after X minutes, it will not work anymore, and I'll send back a 403 Forbidden code.

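The issue-and-validate cycle the answer describes, written out end to end as an added example (this is not the answerer's code and not a Jasypt or Jersey API). It keeps the same payload layout, `UUID|projectToken|userName|creationTime`, and the same TTL check on the server side, but seals the payload with AES-GCM from the JDK instead of Jasypt's password-based encryption, so it runs with no external dependency and any bit flipped in a token fails the GCM tag check rather than decrypting to garbage that might still parse. The key, the project token `"demo-project"`, the user `"alice"` and the 30-minute TTL are constructed values for the demo.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Optional;
import java.util.UUID;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Stateless authentication token: "UUID|projectToken|userName|creationEpochSeconds", AES-GCM sealed. */
public final class AuthTokenService {
    private static final String SEPARATOR = "|";
    private static final int GCM_NONCE_BYTES = 12;
    private static final int GCM_TAG_BITS = 128;
    private static final SecureRandom RANDOM = new SecureRandom();

    private final SecretKey key;          // server-side secret; never leaves the server
    private final String projectToken;    // the answer's "someImportantProjectToken" (assumed value)
    private final Duration timeToLive;    // the answer's "X minutes"

    public AuthTokenService(SecretKey key, String projectToken, Duration timeToLive) {
        this.key = key;
        this.projectToken = projectToken;
        this.timeToLive = timeToLive;
    }

    /** Builds the plaintext payload and seals it; the result is what the client sends back on every call. */
    public String issue(String userName, Instant now) throws Exception {
        if (userName.contains(SEPARATOR)) {
            throw new IllegalArgumentException("user name must not contain the field separator");
        }
        String plain = UUID.randomUUID().toString().toUpperCase()
                + SEPARATOR + projectToken
                + SEPARATOR + userName
                + SEPARATOR + now.getEpochSecond();
        byte[] nonce = new byte[GCM_NONCE_BYTES];
        RANDOM.nextBytes(nonce);                       // fresh nonce per token; never reuse with the same key
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, nonce));
        byte[] ciphertext = cipher.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[nonce.length + ciphertext.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ciphertext, 0, out, nonce.length, ciphertext.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    /** Returns the user name if the token is authentic, belongs to this project and is within its TTL. */
    public Optional<String> validate(String token, Instant now) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(token);
            if (in.length < GCM_NONCE_BYTES + GCM_TAG_BITS / 8) {
                return Optional.empty();
            }
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
            cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, in, 0, GCM_NONCE_BYTES));
            byte[] plain = cipher.doFinal(in, GCM_NONCE_BYTES, in.length - GCM_NONCE_BYTES);
            String[] parts = new String(plain, StandardCharsets.UTF_8).split("\\|", -1);
            if (parts.length != 4 || !projectToken.equals(parts[1])) {
                return Optional.empty();
            }
            Instant created = Instant.ofEpochSecond(Long.parseLong(parts[3]));
            // Reject tokens "from the future" (clock skew or forgery attempts) as well as expired ones.
            if (created.isAfter(now) || created.plus(timeToLive).isBefore(now)) {
                return Optional.empty();
            }
            return Optional.of(parts[2]);
        } catch (Exception e) {   // bad Base64, GCM tag failure on a modified token, malformed payload
            return Optional.empty();
        }
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        AuthTokenService service = new AuthTokenService(kg.generateKey(), "demo-project", Duration.ofMinutes(30));
        Instant issued = Instant.now();
        String token = service.issue("alice", issued);
        System.out.println("one minute later: " + service.validate(token, issued.plusSeconds(60)));
        System.out.println("after the TTL:    " + service.validate(token, issued.plus(Duration.ofMinutes(31))));
        String tampered = token.substring(0, token.length() - 2) + "AA";
        System.out.println("modified token:   " + service.validate(tampered, issued));
    }
}
```

In a Jersey service a `ContainerRequestFilter` would call `validate()` on the token from the request header and abort the request with the status the answer uses (403) when it returns empty. Two points the answer leaves implicit are made explicit here: the expiry check compares against the server's clock, never a time the client supplies, and the ciphertext is authenticated, which Jasypt's `StandardPBEStringEncryptor` does not provide on its own, so a token that has been altered is rejected before its fields are ever parsed.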