distributed systems

User authentication is a requirement for almost any web application but how much do we know about it? Should we use classical sessions or modern tokens?