-> The common and old way to implement authentication is the cookie-based approach where the cookie is sent with each request from the client to the serve, and on the server it is used to identify the authenticated user.
-> Now a days the preferred approach to authenticate users is to use signed token sent to the server with each request.
Scalability of Servers
-> The token sent to the serve is self-contained which holds all the user information needed for authentication, so adding more servers to you web farm is an easy task, there is no dependency on shared session stores.
-> The front-end application is not coupled with specific authentication mechanism, the token is generated from the server and API is built in a way to understand this token and do the authentication.