It's really a thoughtful article. I want to add more information to solve the shared memory problem in the authentication context. We can use a JWT token to ensure only legitimate users can access it. We don't want to maintain a session ID in any kind of database or on the server. Still, we need to maintain refresh_tokens on the server. It can be done with Redis to build a highly scalable system.
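
The split described in the comment above, as an added example that is not part of the original comment: access tokens are verified statelessly from their signature, while refresh tokens are the only server-side state. All function names here are hypothetical, the signing key is constructed for the demo, and a plain dict stands in for Redis so the block runs offline.

```python
import base64, hashlib, hmac, json, secrets, time

SECRET = secrets.token_bytes(32)          # constructed signing key for this demo
ACCESS_TTL, REFRESH_TTL = 300, 7 * 24 * 3600
refresh_store = {}  # stand-in for Redis: sha256(refresh token) -> (user, expiry)

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _sign(msg):
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).digest()

def _key(refresh):
    return hashlib.sha256(refresh.encode()).hexdigest()  # never store the raw token

def issue_access(user):
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps({"sub": user, "exp": int(time.time()) + ACCESS_TTL}).encode())
    return f"{head}.{body}.{_b64(_sign(f'{head}.{body}'))}"

def verify_access(token, now=None):
    """Stateless check: signature and expiry only, no store lookup.
    The algorithm is fixed to HMAC-SHA256 and never taken from the header."""
    now = time.time() if now is None else now
    try:
        head, body, sig = token.split(".")
        if not hmac.compare_digest(_sign(f"{head}.{body}"), _unb64(sig)):
            return None
        claims = json.loads(_unb64(body))
        return claims["sub"] if claims["exp"] > now else None
    except (ValueError, TypeError, KeyError):
        return None

def login(user):
    refresh = secrets.token_urlsafe(32)
    # With Redis this would be a SET with an expiry instead of a dict write.
    refresh_store[_key(refresh)] = (user, time.time() + REFRESH_TTL)
    return issue_access(user), refresh

def rotate(refresh):
    """Single-use refresh token: remove the old entry, then issue a new pair."""
    user, expiry = refresh_store.pop(_key(refresh), (None, 0))
    return login(user) if expiry > time.time() else None

def logout(refresh):
    refresh_store.pop(_key(refresh), None)  # revocation is one key delete
```

An access token stays valid until its `exp` even after `logout`, which is why its lifetime is kept short and revocation is done on the refresh token.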