data lists user ID, roles, permissions, and more. Importantly, it makes the server "stateless." Each request includes all the details needed to authenticate and authorize the user. Storage of User Data JWTs Versus Session IDs A session ID is a long, random string. It links to user data stored on the server. This data is often in memory or a database. When a request arrives, the server uses the session ID to find user information. This method, however, makes the server "stateful."