Thanks for appreciating the articles. I know about the convention you mentioned; maybe I have not used it here. Yeah, of course, it removes one level of nesting from the code and is much cleaner and more readable. And I defined scope for different roles, which will resolve your problem. A session is not a good approach if your client is running on a different server. So, in case your server and client are running on different servers, you need to implement token-based authentication.