There are three types of persistence for authentication: Stateless and Session . The user information is stored in a token which is signed, encrypted, and stored in a Cookie. Once the user logs in, the user identification is contained in the session.