What is a session?
A session is a unique identifier for a member’s authenticated state within an organization. It ties together the member’s identity, authentication factors, and session metadata. Once a member successfully authenticates, Stytch mints a Session object for the member—represented by two tokens:
Member Session object
Represents an authenticated session for a specific member.
session_token
An opaque token that’s verified via API call.
session_jwt
A signed token that can be locally verified.
Session management
Stytch’s SDKs provide a session management layer that abstracts token rotation, session validation, and more:
Check for an active session
Control your application behavior based on whether a member has an active session.
Authenticate a session
Validate session tokens or JWTs before any action that requires authorization.
Hydrate a session
Hydrate the frontend session state from the backend.
Authorize a user
Enforce RBAC permissions in your application’s frontend and backend.
Add custom claims
Encode additional information into your session JWTs using custom claims.
Cookies and sessions
Cookie configuration options and HttpOnly cookies.
Session lifecycle
Intermediate sessions
Handle sessions during authentication flows that require intermediate steps.
Exchange sessions
Seamlessly switch a member’s session between organizations.
Extend sessions & session expiration
Session duration and extending the lifetime of a session.
Revoke sessions
Immediately invalidate the session token, effectively logging the member out.