Ask HN: Should I associate session data with an access token?
Trying to figure out a best practice here. My REST API is working well, but there is one small piece of data (other than the authenticated user) that I need to just persist for the life of a client session. I figured since the client is passing an auth header with every request anyway, it would be a good idea to associate this information with the respective auth token. Are there any design considerations I should contemplate before implementing this? If your client session is long lived, it could outlive the life of the access token -- that is, if the access token is either manually revoked or automatically expires. BTW, totally not grokking the requirements/goals around association.