> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# Using Stytch's session layer

> Sessions provide a way to uniquely identify users on your application and maintain useful state information, such as detecting whether a user is logged in or not, determining access privileges, personalizing experiences, and building user insights.

<Columns cols={2}>
  <Card title="Start of a session" href="/multi-tenant-auth/manage-sessions/lifecycle/start-session" icon="arrow-up-right">
    The session lifecycle through authentication to a full session.
  </Card>
</Columns>

## What is a session?

A session is a unique identifier for a member's authenticated state within an organization. It ties together the member's identity, authentication factors, and session metadata.

Once a member successfully authenticates, Stytch mints a Session object for the member—represented by two tokens:

### Session represented by tokens

<Columns cols={3}>
  <Card title="Member Session object" icon="braces" href="/api-reference/b2b/api/sessions/session-object">
    Represents an authenticated session for a specific member.
  </Card>

  <Card title="session_token" icon="coins" href="./jwts-and-tokens#using-session-tokens">
    An opaque token that's verified via API call.
  </Card>

  <Card title="session_jwt" icon="coins" href="./jwts-and-tokens#using-session-jwts">
    A signed token that can be locally verified.
  </Card>
</Columns>

***

## Session management

Stytch's SDKs provide a session management layer that abstracts token rotation, session validation, and more:

<Columns cols={2}>
  <Card title="Check for an active session" href="/multi-tenant-auth/manage-sessions/check-active-session">
    Control your application behavior based on whether a member has an active session.
  </Card>

  <Card title="Authenticate a session" href="/multi-tenant-auth/manage-sessions/validate-session">
    Validate session tokens or JWTs before any action that requires authorization.
  </Card>

  <Card title="Hydrate a session" href="/multi-tenant-auth/manage-sessions/hydrate-session">
    Hydrate the frontend session state from the backend.
  </Card>

  <Card title="Authorize a user" href="/multi-tenant-auth/enterprise-ready/rbac/enforcing-permissions">
    Enforce RBAC permissions in your application’s frontend and backend.
  </Card>

  <Card title="Add custom claims" href="/multi-tenant-auth/manage-sessions/custom-claims">
    Encode additional information into your session JWTs using custom claims.
  </Card>

  <Card title="Cookies and sessions" href="/multi-tenant-auth/manage-sessions/cookies">
    Options for cookie configuration options and HttpOnly cookies.
  </Card>
</Columns>

### Session lifecycle

<Columns cols={2}>
  <Card title="Intermediate sessions" href="/multi-tenant-auth/manage-sessions/intermediate-sessions/overview">
    Handle sessions during authentication flows that require intermediate steps.
  </Card>

  <Card title="Exchange sessions" href="/multi-tenant-auth/manage-sessions/lifecycle/exchange-session">
    Seamlessly switch a member's session between organizations.
  </Card>

  <Card title="Extend sessions & session expiration" href="/multi-tenant-auth/manage-sessions/lifecycle/extend-or-expire-session">
    Session duration and extending the lifetime of a session.
  </Card>

  <Card title="Revoke sessions" href="/multi-tenant-auth/manage-sessions/lifecycle/revoke-session">
    Immediately invalidate the session token, effectively logging the member out.
  </Card>
</Columns>