I am working on a RESTful API service. I never used the Session object for the HandleSpecialURL calls.
The client app logs in and it gets an access token. With this token the client app can make a variety of calls to the API service. The token is either stored as a header variable or as a value in a JSON package.
If the token is expired the client app needs to log in again to receive a new token. Each time the client app uses this token, the expiration timestamp of this token is reset. This way the client app doesn't have to re-login again.
Now my question. Is it necessary to write my data (request) handling code within a session instance?
I thought it wasn't needed. Since each request has a token. And without a valid token there is no information exchange possible.