In this question, it was suggested to use token, given by server after user authentication, to control the access to webservice methods.
The idea is quite simple. After login, the server passes to client a token that is used to call methods.
My question is:
How would server know that token is valid? A table with tokens and expiration date is a good approach?