#re-frame
2016-06-28
dijonkitchen 20:06:28

@mccraigmccraig: I looked up and read some things about JWT, but not sure I fully understand how users can login from anywhere if the authentication is stateless (i.e., no database).

nilrecurring 20:06:28

@dijonkitchen: with JWT you still need to keep authentication in the database (store usernames, bcrypted passwords). However, you don't need to store sessions there

nilrecurring 20:06:56

i.e. when/if a user is logged

nilrecurring 20:06:32

This information will be contained in the signed/encrypted JWT token that you pass around as a header in every request you do to the server.

dijonkitchen 20:06:50

I’m used to the normal session cookie

nilrecurring 20:06:52

Yep, one of the advantages of JWT is that security-wise you also get rid of all the cookie-related attacks

dijonkitchen 21:06:43

cool, that’s awesome

dijonkitchen 21:06:30

The user process still seems complicated to me with Datomic, schemas, and scrypt. Maybe it’s because I’m coming from the Ruby on Rails world, but I’m surprised there isn’t more documentation on just setting that all up easily.

nilrecurring 21:06:19

@dijonkitchen: never been to Rubyland (always been on Python and Clojure) and in general I'm surprised too that there isn't a single library/framework that handles all those things easily

nilrecurring 21:06:34

Django comes close to that, but it's still not there and gets bloated easily