> you only have to store expired sessions (until their time-limit expires) rather than every session).
I don’t know of any companies that even do this. As far as I know, most use cases store nothing, except for of course the client storing the response.
I don’t know of any companies that even do this. As far as I know, most use cases store nothing, except for of course the client storing the response.