1 comment

[ 3.7 ms ] story [ 13.4 ms ] thread
Hey everyone - Clerk cofounder here. We're frequent readers of HN ourselves and have enjoyed the spirited debate about stateless-vs-stateful auth over the years.

The consensus we reached is that stateless auth is good, but the amount of development required for _secure_ stateless auth is prohibitive.

We built our session management service to make stateless and revocable auth incredibly easy to implement. The tokens are short-lived and we handle all the refresh automatically with our SDKs. A real-time demo of that is available here: https://edge.clerk.app

If your company could benefit from shaving some milliseconds off your authentication check, or if you'd like to add device management and revocation to your application - we'd love to chat!

Today our session management product is still coupled with our user management product, but that will change soon!