How to do stateless (session-less) & cookie-less authentication?
Question

Bob uses a web application in order to achieve something. And: His browser is on a diet, therefore it does not support cookies. The web application is a popular one, it deals with a lot of users at a given moment - it has to scale well.

As long as keeping a session would impose a limit to the number of simultaneous connections, and, of course, will bring a non-negligible performance penalty, we might like to have a session-less system :)

Some important notes: we do have transport security (