Much of the login functionality is purely hypothetical at this point, but one discussed option was using token-based authentication to handle the hurdles of session timeout and authorization.

One option presented was to use JWT to ease how this would work on the frontend side of things.