Client-side sessions (stateless sessions) are session data stored client-side (generally as browser data).
Client-side data is subject to tampering, so the backend must handle it with great care.
A stateless mechanism means that the user state is never saved in server memory.
To protect the contents of a client-side session from tampering, you can sign it.
Most of the time, sessions are only signed and not encrypted, because the data they hold should raise no security or privacy concern if it is read by third parties.
A third party (such as a client-side script) might be able to read client-side data if it is stored in an unencrypted JWT.
Client-side data that may raise privacy concerns must not be left unencrypted (example: a user’s shopping cart).
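The following added example (not from the original page) shows a signed-only session in Python: the server's HMAC tag makes tampering detectable, while the payload stays readable to anyone holding the token. The key, the `payload.tag` token layout and the function names are assumptions made for illustration; this is not the JWT format.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key (assumption): a real backend loads a random secret
# from configuration and never sends it to the client.
SERVER_KEY = b"constructed-demo-key-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_session(data: dict, key: bytes = SERVER_KEY) -> str:
    """Serialize the session and append an HMAC-SHA256 tag: payload.tag"""
    payload = _b64(json.dumps(data, sort_keys=True, separators=(",", ":")).encode())
    tag = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
    return payload + "." + _b64(tag)


def verify_session(token: str, key: bytes = SERVER_KEY):
    """Return the session dict if the tag is valid, otherwise None."""
    try:
        payload, tag = token.split(".")
        expected = hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest()
        # Constant-time comparison; the tag is checked before the payload is parsed.
        if not hmac.compare_digest(_unb64(tag), expected):
            return None
        return json.loads(_unb64(payload))
    except (ValueError, UnicodeError):
        return None


def read_without_key(token: str) -> dict:
    """Signed is not encrypted: the payload decodes without any key."""
    return json.loads(_unb64(token.split(".")[0]))


def tamper(token: str, **changes) -> str:
    """Client-side edit of the payload; the old tag is reused since the key is unknown."""
    payload, tag = token.split(".")
    data = json.loads(_unb64(payload))
    data.update(changes)
    return _b64(json.dumps(data, sort_keys=True, separators=(",", ":")).encode()) + "." + tag
```

The backend should treat a `None` result from `verify_session` as an absent session and never fall back to the unverified payload.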