Lately I’ve been working on a project involving Spring Boot and Spring Security. It includes stateless API for authenticating users and restricting access to specific HTTP endpoints. I followed this Stateless Authentication with Spring Security[0] article. Sessions associated with users are stored in the database table, while users authenticate with session ID in Authorization request header. Pretty much what JWT does, except for I didn’t know about its existene at the moment, lol.