Security / Auth
Session
The server's running memory that a particular user is currently logged in.
A session is a coat-check ticket: the server keeps the actual coat (your identity and state), and hands the browser a small numbered stub — the session ID, usually stored in a cookie. This is the main alternative to stateless JWTs, and its big advantage is revocation: to log someone out everywhere, you just delete their session server-side, whereas a leaked JWT stays valid until it expires. When AI builds you a login system, know which model it picked, because it changes how 'log out all devices' and security incidents are handled.