API User Session Spring

I am developing an API via web services in Spring MVC. The user must authenticate, and a cookie set in the client browser. Now this API won't be on the same domain, so I need a way to know when a session on the client has timed out since they will be making API requests after logged in. What is the best secure way to do this? Sto开发者_如何学Goring information in session, cache, database to compare with the request cookie on the Server?

In my case, I generate an unique authentication token for user who has successfully authenticated. Everytime the user needs to invoke any web services, they need to pass the authentication token along.

My authentication token is generated, something like this:-

Date creationDate = new Date();
String key = UUID.randomUUID().toString().toUpperCase() + "|" + userName + "|" + creationDate.getTime();
String authenticationToken = ... // encrypt key with Jasypt

I appended the creation date because it allows me to check against the time-to-live. Everytime the user calls any web service, I'll check the idle duration using the creation date. If the idle duration is less than 30 minutes, I reset the idle duration back to zero and allow the user to execute the web service. However, if the user idles for more than 30 minutes, I consider the authentication token to be invalid, and they have to reauthenticate to get a new token.