Client-side sessions (stateless sessions) - Client Side Data

About

Client-side sessions (stateless sessions) keep the session data on the client (generally in browser storage such as a cookie) rather than on the server.

Client-side data is under the user's control and can be tampered with. The backend must therefore treat it as untrusted input and verify it before acting on it.

A stateless mechanism means that the user state is never kept in server memory (or a server-side session store): every request carries the state it needs.

Operation

Sign

To protect the contents of a client-side session, you can sign it:

  • to detect tampering (integrity: any change to the data invalidates the signature)
  • to authenticate the origin (only a holder of the signing key could have produced it)

Most of the time, sessions are only signed and not encrypted. A signature provides integrity, not confidentiality: the payload is typically just base64url-encoded and anyone holding the token can read it. Signing alone is therefore only appropriate when the session contains nothing whose disclosure to a third party would be a security or privacy concern.

Encryption

A third party (for example a client-side script that can reach the storage, or anyone who captures the token) can read client-side data stored in a signed-but-unencrypted JWT: the payload is base64url-encoded, not encrypted.

Client-side data that may raise privacy concerns must not be left unencrypted (example: a user's shopping cart). Encrypt it with an authenticated encryption scheme so that it remains protected against tampering as well as disclosure.
