session
Session
A bounded interaction context. "Session" alone is ambiguous across services and must always be qualified.
Qualified forms:
Auth session (api.elonn.local)
A time-bounded record linking a member to an issued token. Expires. Stored in identity_sessions.
Runtime session (world.elonn.local)
The composed world state returned to the web runtime at boot. Contains the member's layout, services, and contract version. Not stored — computed on each request.
Surface session (surface.elonn.local)
A stateful interaction session with a surface object. Stored in surface_sessions.
Find session (find.elonn.local)
A query session grouping a member's search activity. Stored in finding_sessions.
Allowed:
- auth session
- runtime session
- surface session
- find session
Forbidden:
- session alone (must be qualified in all code, routes, payload keys, and UI copy)
Notes:
- In the world runtime contract, the
sessionkey refers to the runtime session — the member's current world context. It is not the auth session. - Auth sessions are managed entirely by the API service. Other services do not store or extend auth sessions.
Related:
- token (auth credential; see: token)
- runtime (world runtime session)
- contract