DrupalCon Nashville 2018: Leaving the State: Sessionless (Stateless)

Drupal’s authentication process can be expensive and difficult to scale. What do you do when you need to plan for an unknown but large number of authenticated users?

This presentation will show you how to allow Drupal to work with lots of authenticated users without taking down servers. We'll walk you through how we used an approach called stateless (sessionless) authentication with wholefoodsmarket.com to avoid database calls, and how we store PII user data outside of Drupal.

What’s Covered?

Why is scaling authenticated traffic hard?
What is sessionless auth?
How can you use it to manage a single login to multiple sites, e.g. D7/D8?
Working with an external auth provider (e.g. Janrain)
PIIaaS! Storing and serving Personally Identifiable Information as a Service
Proxying web-service calls - don’t do it!
How to delegate OAuth tokens so your browsers connect to APIs directly

For Whom?

Enterprise architects looking for ways to build scalable authenticated experiences with Drupal.
Developers looking for authentication approaches that sign you in once but allow you to be authenticated in multiple places.
