End-to-end encryption is mandatory to safeguard user session tokens and prevent man-in-the-middle (MITM) attacks.