Docs
Sessions & login security
Nonces, signed session cookies, and the fail-closed posture behind sign-in.
Single-use login nonces
Each sign-in fetches a one-time nonce with a short lifetime. Because the nonce is single-use, a captured login signature cannot be replayed to start a new session.
In production, nonces are backed by a shared store and fail closed — if the store is unavailable, sign-in is refused rather than allowing a non-single-use fallback.
Signed sessions
Your session token is cryptographically signed by the server and stored in a session cookie. It carries only your account identity and wallet family. The server never stores your private keys; all signing stays in your wallet.
What ends a session
- Disconnecting your wallet.
- The session cookie expiring or being cleared.
- A verification failure, which keeps you signed out rather than partially in.