-> The traditional way of having our applications remember who we are is to store the user logged in information on the server. This can be done in a few different ways on the session, usually in memory or stored on the disk.
The problems with Server Based Authentication
-> Every time user is authenticated, the server will need to create a record somewhere on our server. This is usually done in memory and when there are many users authenticating, the overhead on the server increases.
-> Since sessions are stored in memory, this provides problems with scalability. As our cloud providers start replicating servers to handle application load, having vital information in session memory will limit our ability to scale.
-> As we want to expand our application to let our data be used across multiple mobile devices, we have to worry about cross-origin resource sharing. When using AJAX calls to grab resources from another domain (mobile to our API server), we could run into problems with forbidden requests.