I'm not convinced this is a fair assessment of the two.
Session information could be stolen: Don't store sensitive things in your token.
Resource consuming: What extra information are you storing in the token for stateless that is "resource consuming"?
Stateless is perhaps more involved, though both should be managed by libraries anyway.
True
Authentication token is slightly bigger but you shouldn't really need to store much in it.
You most definitely can and should restrict certain parts of your system to different roles no matter the mechanism you use (not sure if that's what you meant).
Stateless definitely makes it difficult to revoke tokens.