# Stateless Session Management

* Authopia uses stateless sessions. That means that sessions are not stored on the server side. It uses JWT tokens which are cryptographically signed by Authopia.
* For you to verify a token's validity you need to use our provided public key and check the signature which is inside the token. If it’s valid - data in JWT can be trusted.<br>
* JWTs have great security and also it can be validated on the client side only, meaning that you’ll not have major performance decreases for this particular action.<br>
* After Authopia authenticates the user it returns ID token via widget `onSuccess` callback, which is valid for 30 minutes. Also access token and Refresh token are returned as secure HTTP only cookies for further communication with Authopia


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://developers.authopia.io/docs/front-end/stateless-session-management.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.