@orangy We are using sessions with signed cookies from the server, which contain a user login token. The server looks up the userId of the loginToken on each request. That’s all we need to store in the session.