Your knowledge is scattered across dozens of sessions. You discussed authentication in 8 different conversations over 3 months. No single session has the full picture.
## Authentication system (synthesized from 8 sessions) ### Timeline - Feb 12: Initial design (session cookies + CSRF tokens) - Feb 19: Switched to JWTs (session "Auth redesign") - Feb 26: Added refresh token rotation - Mar 5: Rate limiting on auth endpoints - Mar 12: OAuth2 provider integration (Google, GitHub) - Mar 15: Fixed token refresh race condition - Mar 18: Added API key auth for service-to-service - Mar 22: Security audit, no issues found ### Current architecture - Short-lived JWTs (15min) + refresh tokens (7 days) - Refresh tokens: httpOnly cookie, rotated on use - OAuth2: Google + GitHub, with account linking - API keys: SHA-256 hashed, scoped to service ### Key decisions & reasoning 1. JWT over sessions: "Stateless = no session store to scale" 2. 15min expiry: "Balance between security and UX" 3. Cookie refresh tokens: "localStorage is XSS-vulnerable" ### Open questions (unresolved across sessions) - Should API keys have expiry dates? - Multi-device refresh token strategy not finalized
Memo can surface relationships between sessions you didn't know were connected.
The caching session (March 8) connects to: 1. "API performance profiling" (March 6) → You identified slow endpoints that led to the caching decision 2. "Redis vs Memcached" (March 9) → Follow-up research on cache backends 3. "CDN configuration" (March 14) → Extended caching to static assets after the API cache worked These sessions tell a story: profile → decide → implement → extend.
Manually piecing together information from memory and scattered notes. Memo gives you the full picture in one query.