Elonn Docs Platform Documentation

session

identity canonical authority: varies — always qualify

Session

A bounded interaction context. "Session" alone is ambiguous across services and must always be qualified.

Qualified forms:

Auth session (api.elonn.local) A time-bounded record linking a member to an issued token. Expires. Stored in identity_sessions.

Runtime session (world.elonn.local) The composed world state returned to the web runtime at boot. Contains the member's layout, services, and contract version. Not stored — computed on each request.

Surface session (surface.elonn.local) A stateful interaction session with a surface object. Stored in surface_sessions.

Find session (find.elonn.local) A query session grouping a member's search activity. Stored in finding_sessions.

Allowed:

  • auth session
  • runtime session
  • surface session
  • find session

Forbidden:

  • session alone (must be qualified in all code, routes, payload keys, and UI copy)

Notes:

  • In the world runtime contract, the session key refers to the runtime session — the member's current world context. It is not the auth session.
  • Auth sessions are managed entirely by the API service. Other services do not store or extend auth sessions.

Related:

  • token (auth credential; see: token)
  • runtime (world runtime session)
  • contract