https://gluu.co/stop-using-jwt-for-sessions → http://cryto.net/~joepie91/blog/2016/06/13/stop-using-jwt-for-sessions/