Session Handling
Sessions are managed via secure cookies.
- HTTP-only
- SameSite protected
- Expiration enforced
Session invalidation occurs when:
- User logs out
- Token expires
- Device is revoked
Sessions are managed via secure cookies.
Session invalidation occurs when: