[WIP] Web Auth - Session vs JWT