# Session A session is a semi-permanent state maintained between a client and server across multiple requests. Since HTTP is a stateless protocol, sessions provide a mechanism to track user identity and state across sequential interactions. When a user logs in, a session is created on the server and a session identifier (typically stored in a cookie) is sent to the client. Session management approaches include server-side sessions (state stored in server memory or a database, referenced by a session ID), client-side sessions (state encoded in a cookie or token, such as JWT), and hybrid approaches. Server-side sessions provide more control but require shared storage in distributed systems. Client-side tokens are stateless and scale more easily. In API and serverless architectures, stateless authentication mechanisms like JWT tokens are generally preferred over server-side sessions because serverless functions are ephemeral and do not maintain local state between invocations. API gateways can validate session tokens or JWTs on behalf of backend services, centralizing session verification and reducing the burden on individual services. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.serverlessapigateway.com/glossary/s/session.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.