What are the two types of Windows tokens and how do they differ?

Windows has two types of tokens: delegation tokens for interactive sessions (like local or RDP login) and impersonation tokens for non-interactive logins (like net use). After a user logs off, their delegation token becomes an impersonation token, which remains valid until reboot. Understanding token types is key to token theft and exploitation.