All docs

Docs

Sessions & login security

Nonces, signed session cookies, and the fail-closed posture behind sign-in.

Single-use login nonces

Each sign-in fetches a one-time nonce with a short lifetime. Because the nonce is single-use, a captured login signature cannot be replayed to start a new session.

In production, nonces are backed by a shared store and fail closed — if the store is unavailable, sign-in is refused rather than allowing a non-single-use fallback.

Signed sessions

Your session token is cryptographically signed by the server and stored in a session cookie. It carries only your account identity and wallet family. The server never stores your private keys; all signing stays in your wallet.

What ends a session

  • Disconnecting your wallet.
  • The session cookie expiring or being cleared.
  • A verification failure, which keeps you signed out rather than partially in.