One of the things that I am working on in my project is to build a stateless server, so that scaling becomes easy as more requests come in.

- One of the key things is how to handle user authentication in such scenarios.
- One of the methods that I have used in the past is the server sending an immutable token (os username, md5(password)) and the client sending that token with each request.
- Problem? It turns out to be expensive because with each call I need to validate the username and password against the database, and surely it will become a performance bottleneck.
- I heard today of another approach where the server signs the token (with some data and a timestamp, if needed) and sends it to the client. The client (read Backbone, Angular, etc.) will intercept HTTP calls and send this token to the server on each subsequent request.
- Advantage? You no longer need to persist cookies on the disk (better security), and the server on receiving the token decrypts the data and validates that it can read the information (no database lookup, voila!).
- What I need? I would like to learn more about the second approach: where is it being used, and how does the server sign the data and validate it?

Please share your experiences, I am listening.
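The signing scheme asked about in the post, as an added example that is not part of the original post: the server attaches an HMAC-SHA256 tag to a small set of claims plus an expiry timestamp, and on each later request it recomputes the tag and checks the expiry, with no database lookup. The secret key, claim names and timestamps below are constructed placeholders, not values from any real deployment.

```python
import base64
import hashlib
import hmac
import json
import time


def _b64url(raw: bytes) -> str:
    # URL-safe base64 without padding, so the token survives headers and query strings.
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict, key: bytes, ttl_seconds: int, now: float = None) -> str:
    """Server side at login: serialize claims plus issued/expiry times, then append an HMAC tag."""
    issued = int(time.time() if now is None else now)
    body = dict(claims, iat=issued, exp=issued + ttl_seconds)
    # Canonical JSON so the same claims always produce the same bytes (and the same tag).
    encoded = _b64url(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())
    tag = hmac.new(key, encoded.encode("ascii"), hashlib.sha256).digest()
    return f"{encoded}.{_b64url(tag)}"


def verify_token(token: str, key: bytes, now: float = None):
    """Server side on every request: check the tag before trusting the claims, then the expiry.

    Returns the claims dict on success, None on any failure (malformed, forged, expired).
    """
    try:
        encoded, tag = token.split(".", 1)
        expected = hmac.new(key, encoded.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison so timing does not leak how many tag bytes matched.
        if not hmac.compare_digest(expected, _unb64url(tag)):
            return None
        claims = json.loads(_unb64url(encoded))
    except (ValueError, UnicodeDecodeError):
        return None
    current = time.time() if now is None else now
    if claims.get("exp", 0) <= current:
        return None
    return claims
```

Note that this tag is a MAC, so the server verifies the token rather than decrypting it: the claims are readable by anyone holding the token and must not contain secrets, and revocation before `exp` needs some server-side state or a short lifetime.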