What we’ve been building so far is broadly called a stateful authentication setup.
“State” here refers to the database table on the server side where we store the session token, which keeps track of the users who have logged in. Without such server-side state, we won’t be able to tell “who” is allowed to access the private portions of the site without