[{"data":1,"prerenderedAt":1233},["ShallowReactive",2],{"navigation":3,"-adapters-lower-level":167,"-adapters-lower-level-surround":1230},[4,22,78,106,141,148],{"title":5,"path":6,"stem":7,"children":8},"Introduction","\u002Fgetting-started","0.Getting-Started\u002F0.index",[9,10,14,18],{"title":5,"path":6,"stem":7},{"title":11,"path":12,"stem":13},"Installation","\u002Fgetting-started\u002Finstallation","0.Getting-Started\u002F1.installation",{"title":15,"path":16,"stem":17},"Quickstart","\u002Fgetting-started\u002Fquickstart","0.Getting-Started\u002F2.quickstart",{"title":19,"path":20,"stem":21},"Core concepts","\u002Fgetting-started\u002Fcore-concepts","0.Getting-Started\u002F3.core-concepts",{"title":23,"path":24,"stem":25,"children":26,"icon":28},"JWT","\u002Fjwt","1.JWT\u002F0.index",[27,29,52],{"title":23,"path":24,"stem":25,"icon":28},"i-carbon-certificate",{"title":30,"path":31,"stem":32,"children":33,"icon":35},"JWS","\u002Fjwt\u002Fjws","1.JWT\u002F1.JWS\u002F0.index",[34,36,40,44,48],{"title":30,"path":31,"stem":32,"icon":35},"i-carbon-document-signed",{"title":37,"path":38,"stem":39},"Signing","\u002Fjwt\u002Fjws\u002Fsigning","1.JWT\u002F1.JWS\u002F1.signing",{"title":41,"path":42,"stem":43},"Verifying","\u002Fjwt\u002Fjws\u002Fverifying","1.JWT\u002F1.JWS\u002F2.verifying",{"title":45,"path":46,"stem":47},"Multi-signature","\u002Fjwt\u002Fjws\u002Fmulti-signature","1.JWT\u002F1.JWS\u002F3.multi-signature",{"title":49,"path":50,"stem":51},"Algorithms","\u002Fjwt\u002Fjws\u002Falgorithms","1.JWT\u002F1.JWS\u002F4.algorithms",{"title":53,"path":54,"stem":55,"children":56,"icon":58},"JWE","\u002Fjwt\u002Fjwe","1.JWT\u002F2.JWE\u002F0.index",[57,59,63,67,71,75],{"title":53,"path":54,"stem":55,"icon":58},"i-carbon-locked",{"title":60,"path":61,"stem":62},"Encrypting","\u002Fjwt\u002Fjwe\u002Fencrypting","1.JWT\u002F2.JWE\u002F1.encrypting",{"title":64,"path":65,"stem":66},"Decrypting","\u002Fjwt\u002Fjwe\u002Fdecrypting","1.JWT\u002F2.JWE\u002F2.decrypting",{"title":68,"path":69,"stem":70},"Multi-recipient","\u002Fjwt\u002Fjwe\u002Fmulti-recipient","1.JWT\u002F2.JWE\u002F3.multi-recipient",{"title":72,"path":73,"stem":74},"ECDH-ES and end-to-end encryption","\u002Fjwt\u002Fjwe\u002Fecdh-es","1.JWT\u002F2.JWE\u002F4.ecdh-es",{"title":49,"path":76,"stem":77},"\u002Fjwt\u002Fjwe\u002Falgorithms","1.JWT\u002F2.JWE\u002F5.algorithms",{"title":79,"path":80,"stem":81,"children":82,"icon":84},"Examples","\u002Fexamples","10.Examples\u002F0.index",[83,85,90,94,98,102],{"title":79,"path":80,"stem":81,"icon":84},"i-carbon-code-reference",{"title":86,"path":87,"stem":88,"icon":89},"Authentication basics","\u002Fexamples\u002Fauthentication-basics","10.Examples\u002F1.authentication-basics","i-lucide-code",{"title":91,"path":92,"stem":93,"icon":89},"Consuming a JWKS endpoint","\u002Fexamples\u002Fjwks-endpoint","10.Examples\u002F2.jwks-endpoint",{"title":95,"path":96,"stem":97,"icon":89},"Refresh token pattern","\u002Fexamples\u002Frefresh-token-pattern","10.Examples\u002F3.refresh-token-pattern",{"title":99,"path":100,"stem":101,"icon":89},"End-to-end encryption","\u002Fexamples\u002Fend-to-end-encryption","10.Examples\u002F4.end-to-end-encryption",{"title":103,"path":104,"stem":105,"icon":89},"Signed receipts","\u002Fexamples\u002Fsigned-receipts","10.Examples\u002F5.signed-receipts",{"title":107,"path":108,"stem":109,"children":110,"icon":112},"JWK","\u002Fjwk","2.JWK\u002F0.index",[111,113,117,121,125,129,133,137],{"title":107,"path":108,"stem":109,"icon":112},"i-carbon-two-factor-authentication",{"title":114,"path":115,"stem":116},"Generating keys","\u002Fjwk\u002Fgenerating","2.JWK\u002F1.generating",{"title":118,"path":119,"stem":120},"Importing and exporting","\u002Fjwk\u002Fimport-export","2.JWK\u002F2.import-export",{"title":122,"path":123,"stem":124},"PEM conversion","\u002Fjwk\u002Fpem","2.JWK\u002F3.pem",{"title":126,"path":127,"stem":128},"Key wrapping","\u002Fjwk\u002Fwrapping","2.JWK\u002F4.wrapping",{"title":130,"path":131,"stem":132},"Password derivation","\u002Fjwk\u002Fpassword-derivation","2.JWK\u002F5.password-derivation",{"title":134,"path":135,"stem":136},"JWK Sets","\u002Fjwk\u002Fjwk-sets","2.JWK\u002F6.jwk-sets",{"title":138,"path":139,"stem":140},"JWK cache","\u002Fjwk\u002Fcache","2.JWK\u002F7.cache",{"title":142,"path":143,"stem":144,"children":145,"icon":147},"Utilities","\u002Futilities","3.Utilities\u002F0.index",[146],{"title":142,"path":143,"stem":144,"icon":147},"i-carbon-tool-box",{"title":149,"path":150,"stem":151,"children":152,"icon":154},"Adapters","\u002Fadapters","99.Adapters\u002F0.index",[153,155,159,163],{"title":149,"path":150,"stem":151,"icon":154},"i-carbon-plug",{"title":156,"path":157,"stem":158},"H3 sessions","\u002Fadapters\u002Fh3-sessions","99.Adapters\u002F1.h3-sessions",{"title":160,"path":161,"stem":162},"Lifecycle hooks","\u002Fadapters\u002Fhooks","99.Adapters\u002F2.hooks",{"title":164,"path":165,"stem":166},"Lower-level functions","\u002Fadapters\u002Flower-level","99.Adapters\u002F3.lower-level",{"id":168,"title":164,"body":169,"description":202,"extension":1225,"meta":1226,"navigation":1227,"path":165,"seo":1228,"stem":166,"__hash__":1229},"content\u002F99.Adapters\u002F3.lower-level.md",{"type":170,"value":171,"toc":1213},"minimark",[172,193,196,300,315,320,400,404,464,468,473,479,683,687,701,801,810,814,817,970,974,977,1174,1178,1186,1190,1209],[173,174,175,179,180,183,184,187,188,192],"p",{},[176,177,178],"code",{},"useJWESession"," and ",[176,181,182],{},"useJWSSession"," are the high-level path — they wire up reading, hooks, cookies, and the ",[176,185,186],{},"SessionManager"," in one call. For the cases where you need ",[189,190,191],"strong",{},"explicit control"," over those steps (custom flows, testing, one-off token minting, external session stores), unjwt exposes the underlying building blocks.",[173,194,195],{},"Import:",[197,198,203],"pre",{"className":199,"code":200,"language":201,"meta":202,"style":202},"language-ts shiki shiki-themes github-light github-dark github-dark","import {\n  getJWESession,\n  getJWESessionToken,\n  updateJWESession,\n  sealJWESession,\n  unsealJWESession,\n  clearJWESession,\n  getJWSSession,\n  updateJWSSession,\n  signJWSSession,\n  verifyJWSSession,\n  clearJWSSession,\n} from \"unjwt\u002Fadapters\u002Fh3v2\";\n","ts","",[176,204,205,218,224,230,236,242,248,254,260,266,272,278,284],{"__ignoreMap":202},[206,207,210,214],"span",{"class":208,"line":209},"line",1,[206,211,213],{"class":212},"so5gQ","import",[206,215,217],{"class":216},"slsVL"," {\n",[206,219,221],{"class":208,"line":220},2,[206,222,223],{"class":216},"  getJWESession,\n",[206,225,227],{"class":208,"line":226},3,[206,228,229],{"class":216},"  getJWESessionToken,\n",[206,231,233],{"class":208,"line":232},4,[206,234,235],{"class":216},"  updateJWESession,\n",[206,237,239],{"class":208,"line":238},5,[206,240,241],{"class":216},"  sealJWESession,\n",[206,243,245],{"class":208,"line":244},6,[206,246,247],{"class":216},"  unsealJWESession,\n",[206,249,251],{"class":208,"line":250},7,[206,252,253],{"class":216},"  clearJWESession,\n",[206,255,257],{"class":208,"line":256},8,[206,258,259],{"class":216},"  getJWSSession,\n",[206,261,263],{"class":208,"line":262},9,[206,264,265],{"class":216},"  updateJWSSession,\n",[206,267,269],{"class":208,"line":268},10,[206,270,271],{"class":216},"  signJWSSession,\n",[206,273,275],{"class":208,"line":274},11,[206,276,277],{"class":216},"  verifyJWSSession,\n",[206,279,281],{"class":208,"line":280},12,[206,282,283],{"class":216},"  clearJWSSession,\n",[206,285,287,290,293,297],{"class":208,"line":286},13,[206,288,289],{"class":216},"} ",[206,291,292],{"class":212},"from",[206,294,296],{"class":295},"sfrk1"," \"unjwt\u002Fadapters\u002Fh3v2\"",[206,298,299],{"class":216},";\n",[173,301,302,303,306,307,310,311,314],{},"Every function takes the H3 event and the matching ",[176,304,305],{},"SessionConfigJWE"," \u002F ",[176,308,309],{},"SessionConfigJWS"," (the same one you'd pass to the high-level ",[176,312,313],{},"useX"," helper).",[316,317,319],"h2",{"id":318},"jwe-functions","JWE functions",[321,322,323,336],"table",{},[324,325,326],"thead",{},[327,328,329,333],"tr",{},[330,331,332],"th",{},"Function",[330,334,335],{},"Purpose",[337,338,339,350,360,370,380,390],"tbody",{},[327,340,341,347],{},[342,343,344],"td",{},[176,345,346],{},"getJWESession(event, config)",[342,348,349],{},"Read\u002Finitialize session from cookie or header",[327,351,352,357],{},[342,353,354],{},[176,355,356],{},"getJWESessionToken(event, config)",[342,358,359],{},"Get raw token string (no decryption)",[327,361,362,367],{},[342,363,364],{},[176,365,366],{},"updateJWESession(event, config, update?)",[342,368,369],{},"Update data, re-encrypt, set cookie",[327,371,372,377],{},[342,373,374],{},[176,375,376],{},"sealJWESession(event, config)",[342,378,379],{},"Encrypt current session to JWE token string",[327,381,382,387],{},[342,383,384],{},[176,385,386],{},"unsealJWESession(event, config, token)",[342,388,389],{},"Decrypt a JWE token to session data",[327,391,392,397],{},[342,393,394],{},[176,395,396],{},"clearJWESession(event, config)",[342,398,399],{},"Delete session from context and expire cookie",[316,401,403],{"id":402},"jws-functions","JWS functions",[321,405,406,414],{},[324,407,408],{},[327,409,410,412],{},[330,411,332],{},[330,413,335],{},[337,415,416,425,435,445,455],{},[327,417,418,423],{},[342,419,420],{},[176,421,422],{},"getJWSSession(event, config)",[342,424,349],{},[327,426,427,432],{},[342,428,429],{},[176,430,431],{},"updateJWSSession(event, config, update?)",[342,433,434],{},"Update data, re-sign, set cookie",[327,436,437,442],{},[342,438,439],{},[176,440,441],{},"signJWSSession(event, config)",[342,443,444],{},"Sign current session to JWS token string",[327,446,447,452],{},[342,448,449],{},[176,450,451],{},"verifyJWSSession(event, config, token)",[342,453,454],{},"Verify a JWS token to session data",[327,456,457,462],{},[342,458,459],{},[176,460,461],{},"clearJWSSession(event, config)",[342,463,399],{},[316,465,467],{"id":466},"typical-uses","Typical uses",[469,470,472],"h3",{"id":471},"mint-a-one-off-token-without-cookies","Mint a one-off token without cookies",[173,474,475,476,478],{},"For generating a token to send via email (magic link, password reset), you don't want the cookie side-effects of ",[176,477,182],{},":",[197,480,483],{"className":199,"code":481,"filename":482,"language":201,"meta":202,"style":202},"import { signJWSSession } from \"unjwt\u002Fadapters\u002Fh3v2\";\n\napp.post(\"\u002Frequest-magic-link\", async (event) => {\n  const email = (await event.req.json()).email;\n\n  const token = await signJWSSession(event, {\n    key: magicLinkKey,\n    maxAge: \"15m\",\n    cookie: false, \u002F\u002F don't set a cookie\n    sessionHeader: false, \u002F\u002F don't read one either\n  });\n\n  await sendEmail(email, `https:\u002F\u002Fapp.example.com\u002Flogin?token=${token}`);\n  return { ok: true };\n});\n","magic-link.ts",[176,484,485,498,504,540,566,570,588,593,604,618,630,635,639,662,677],{"__ignoreMap":202},[206,486,487,489,492,494,496],{"class":208,"line":209},[206,488,213],{"class":212},[206,490,491],{"class":216}," { signJWSSession } ",[206,493,292],{"class":212},[206,495,296],{"class":295},[206,497,299],{"class":216},[206,499,500],{"class":208,"line":220},[206,501,503],{"emptyLinePlaceholder":502},true,"\n",[206,505,506,509,513,516,519,522,525,528,532,535,538],{"class":208,"line":226},[206,507,508],{"class":216},"app.",[206,510,512],{"class":511},"shcOC","post",[206,514,515],{"class":216},"(",[206,517,518],{"class":295},"\"\u002Frequest-magic-link\"",[206,520,521],{"class":216},", ",[206,523,524],{"class":212},"async",[206,526,527],{"class":216}," (",[206,529,531],{"class":530},"sQHwn","event",[206,533,534],{"class":216},") ",[206,536,537],{"class":212},"=>",[206,539,217],{"class":216},[206,541,542,545,549,552,554,557,560,563],{"class":208,"line":232},[206,543,544],{"class":212},"  const",[206,546,548],{"class":547},"suiK_"," email",[206,550,551],{"class":212}," =",[206,553,527],{"class":216},[206,555,556],{"class":212},"await",[206,558,559],{"class":216}," event.req.",[206,561,562],{"class":511},"json",[206,564,565],{"class":216},"()).email;\n",[206,567,568],{"class":208,"line":238},[206,569,503],{"emptyLinePlaceholder":502},[206,571,572,574,577,579,582,585],{"class":208,"line":244},[206,573,544],{"class":212},[206,575,576],{"class":547}," token",[206,578,551],{"class":212},[206,580,581],{"class":212}," await",[206,583,584],{"class":511}," signJWSSession",[206,586,587],{"class":216},"(event, {\n",[206,589,590],{"class":208,"line":250},[206,591,592],{"class":216},"    key: magicLinkKey,\n",[206,594,595,598,601],{"class":208,"line":256},[206,596,597],{"class":216},"    maxAge: ",[206,599,600],{"class":295},"\"15m\"",[206,602,603],{"class":216},",\n",[206,605,606,609,612,614],{"class":208,"line":262},[206,607,608],{"class":216},"    cookie: ",[206,610,611],{"class":547},"false",[206,613,521],{"class":216},[206,615,617],{"class":616},"sCsY4","\u002F\u002F don't set a cookie\n",[206,619,620,623,625,627],{"class":208,"line":268},[206,621,622],{"class":216},"    sessionHeader: ",[206,624,611],{"class":547},[206,626,521],{"class":216},[206,628,629],{"class":616},"\u002F\u002F don't read one either\n",[206,631,632],{"class":208,"line":274},[206,633,634],{"class":216},"  });\n",[206,636,637],{"class":208,"line":280},[206,638,503],{"emptyLinePlaceholder":502},[206,640,641,644,647,650,653,656,659],{"class":208,"line":286},[206,642,643],{"class":212},"  await",[206,645,646],{"class":511}," sendEmail",[206,648,649],{"class":216},"(email, ",[206,651,652],{"class":295},"`https:\u002F\u002Fapp.example.com\u002Flogin?token=${",[206,654,655],{"class":216},"token",[206,657,658],{"class":295},"}`",[206,660,661],{"class":216},");\n",[206,663,665,668,671,674],{"class":208,"line":664},14,[206,666,667],{"class":212},"  return",[206,669,670],{"class":216}," { ok: ",[206,672,673],{"class":547},"true",[206,675,676],{"class":216}," };\n",[206,678,680],{"class":208,"line":679},15,[206,681,682],{"class":216},"});\n",[469,684,686],{"id":685},"access-the-refresh-token-from-an-access-token-hook","Access the refresh token from an access-token hook",[173,688,689,690,694,695,698,699,478],{},"The ",[691,692,693],"a",{"href":96},"refresh-token example"," uses this pattern — from inside the access token's ",[176,696,697],{},"onExpire",", peek at the refresh session without creating a new ",[176,700,186],{},[197,702,705],{"className":199,"code":703,"filename":704,"language":201,"meta":202,"style":202},"hooks: {\n  async onExpire({ event, config }) {\n    const refresh = await getJWESession(event, refreshConfig);\n    if (!refresh.data.sub) return;\n\n    await updateJWSSession(event, config, {\n      sub: refresh.data.sub,\n      scope: refresh.data.scope,\n    });\n  },\n},\n","refresh-hook.ts",[176,706,707,715,725,743,761,765,776,781,786,791,796],{"__ignoreMap":202},[206,708,709,712],{"class":208,"line":209},[206,710,711],{"class":511},"hooks",[206,713,714],{"class":216},": {\n",[206,716,717,720,722],{"class":208,"line":220},[206,718,719],{"class":216},"  async ",[206,721,697],{"class":511},[206,723,724],{"class":216},"({ event, config }) {\n",[206,726,727,730,733,735,737,740],{"class":208,"line":226},[206,728,729],{"class":212},"    const",[206,731,732],{"class":547}," refresh",[206,734,551],{"class":212},[206,736,581],{"class":212},[206,738,739],{"class":511}," getJWESession",[206,741,742],{"class":216},"(event, refreshConfig);\n",[206,744,745,748,750,753,756,759],{"class":208,"line":232},[206,746,747],{"class":212},"    if",[206,749,527],{"class":216},[206,751,752],{"class":212},"!",[206,754,755],{"class":216},"refresh.data.sub) ",[206,757,758],{"class":212},"return",[206,760,299],{"class":216},[206,762,763],{"class":208,"line":238},[206,764,503],{"emptyLinePlaceholder":502},[206,766,767,770,773],{"class":208,"line":244},[206,768,769],{"class":212},"    await",[206,771,772],{"class":511}," updateJWSSession",[206,774,775],{"class":216},"(event, config, {\n",[206,777,778],{"class":208,"line":250},[206,779,780],{"class":216},"      sub: refresh.data.sub,\n",[206,782,783],{"class":208,"line":256},[206,784,785],{"class":216},"      scope: refresh.data.scope,\n",[206,787,788],{"class":208,"line":262},[206,789,790],{"class":216},"    });\n",[206,792,793],{"class":208,"line":268},[206,794,795],{"class":216},"  },\n",[206,797,798],{"class":208,"line":274},[206,799,800],{"class":216},"},\n",[173,802,803,806,807,809],{},[176,804,805],{},"getJWESession"," returns the same shape as the high-level ",[176,808,178],{},", but you're in control of when it runs.",[469,811,813],{"id":812},"verify-an-externally-sourced-token","Verify an externally-sourced token",[173,815,816],{},"You received a token through some channel other than the default cookie\u002Fheader — a webhook body, a query parameter, a separate header — and want to verify it using your session config:",[197,818,821],{"className":199,"code":819,"filename":820,"language":201,"meta":202,"style":202},"import { verifyJWSSession } from \"unjwt\u002Fadapters\u002Fh3v2\";\n\napp.post(\"\u002Fwebhook\", async (event) => {\n  const payload = await event.req.json();\n  const token = payload.signedEvent;\n\n  const session = await verifyJWSSession(event, config, token);\n  if (!session.data.userId) {\n    throw new HTTPError(\"Invalid signed event\", { status: 403 });\n  }\n\n  \u002F\u002F process payload...\n});\n","external.ts",[176,822,823,836,840,865,883,894,898,915,927,952,957,961,966],{"__ignoreMap":202},[206,824,825,827,830,832,834],{"class":208,"line":209},[206,826,213],{"class":212},[206,828,829],{"class":216}," { verifyJWSSession } ",[206,831,292],{"class":212},[206,833,296],{"class":295},[206,835,299],{"class":216},[206,837,838],{"class":208,"line":220},[206,839,503],{"emptyLinePlaceholder":502},[206,841,842,844,846,848,851,853,855,857,859,861,863],{"class":208,"line":226},[206,843,508],{"class":216},[206,845,512],{"class":511},[206,847,515],{"class":216},[206,849,850],{"class":295},"\"\u002Fwebhook\"",[206,852,521],{"class":216},[206,854,524],{"class":212},[206,856,527],{"class":216},[206,858,531],{"class":530},[206,860,534],{"class":216},[206,862,537],{"class":212},[206,864,217],{"class":216},[206,866,867,869,872,874,876,878,880],{"class":208,"line":232},[206,868,544],{"class":212},[206,870,871],{"class":547}," payload",[206,873,551],{"class":212},[206,875,581],{"class":212},[206,877,559],{"class":216},[206,879,562],{"class":511},[206,881,882],{"class":216},"();\n",[206,884,885,887,889,891],{"class":208,"line":238},[206,886,544],{"class":212},[206,888,576],{"class":547},[206,890,551],{"class":212},[206,892,893],{"class":216}," payload.signedEvent;\n",[206,895,896],{"class":208,"line":244},[206,897,503],{"emptyLinePlaceholder":502},[206,899,900,902,905,907,909,912],{"class":208,"line":250},[206,901,544],{"class":212},[206,903,904],{"class":547}," session",[206,906,551],{"class":212},[206,908,581],{"class":212},[206,910,911],{"class":511}," verifyJWSSession",[206,913,914],{"class":216},"(event, config, token);\n",[206,916,917,920,922,924],{"class":208,"line":256},[206,918,919],{"class":212},"  if",[206,921,527],{"class":216},[206,923,752],{"class":212},[206,925,926],{"class":216},"session.data.userId) {\n",[206,928,929,932,935,938,940,943,946,949],{"class":208,"line":262},[206,930,931],{"class":212},"    throw",[206,933,934],{"class":212}," new",[206,936,937],{"class":511}," HTTPError",[206,939,515],{"class":216},[206,941,942],{"class":295},"\"Invalid signed event\"",[206,944,945],{"class":216},", { status: ",[206,947,948],{"class":547},"403",[206,950,951],{"class":216}," });\n",[206,953,954],{"class":208,"line":268},[206,955,956],{"class":216},"  }\n",[206,958,959],{"class":208,"line":274},[206,960,503],{"emptyLinePlaceholder":502},[206,962,963],{"class":208,"line":280},[206,964,965],{"class":616},"  \u002F\u002F process payload...\n",[206,967,968],{"class":208,"line":286},[206,969,682],{"class":216},[469,971,973],{"id":972},"roll-a-session-over-to-a-different-key","Roll a session over to a different key",[173,975,976],{},"For scheduled key rotation, you can clear the session with the old key and re-seal with a new config:",[197,978,981],{"className":199,"code":979,"filename":980,"language":201,"meta":202,"style":202},"\u002F\u002F old config (before rotation)\nconst old = { key: oldKey, maxAge: \"7D\" } satisfies SessionConfigJWE;\n\n\u002F\u002F new config (after rotation)\nconst nu = { key: newKey, maxAge: \"7D\" } satisfies SessionConfigJWE;\n\napp.post(\"\u002Frotate-keys\", async (event) => {\n  const session = await getJWESession(event, old);\n  if (!session.data.userId) throw new HTTPError(\"Not authenticated\", { status: 401 });\n\n  const data = session.data;\n  await clearJWESession(event, old);\n  await updateJWESession(event, nu, data);\n\n  return { ok: true };\n});\n","key-roll.ts",[176,982,983,988,1015,1019,1024,1046,1050,1075,1090,1120,1124,1136,1145,1155,1159,1169],{"__ignoreMap":202},[206,984,985],{"class":208,"line":209},[206,986,987],{"class":616},"\u002F\u002F old config (before rotation)\n",[206,989,990,993,996,998,1001,1004,1007,1010,1013],{"class":208,"line":220},[206,991,992],{"class":212},"const",[206,994,995],{"class":547}," old",[206,997,551],{"class":212},[206,999,1000],{"class":216}," { key: oldKey, maxAge: ",[206,1002,1003],{"class":295},"\"7D\"",[206,1005,1006],{"class":216}," } ",[206,1008,1009],{"class":212},"satisfies",[206,1011,1012],{"class":511}," SessionConfigJWE",[206,1014,299],{"class":216},[206,1016,1017],{"class":208,"line":226},[206,1018,503],{"emptyLinePlaceholder":502},[206,1020,1021],{"class":208,"line":232},[206,1022,1023],{"class":616},"\u002F\u002F new config (after rotation)\n",[206,1025,1026,1028,1031,1033,1036,1038,1040,1042,1044],{"class":208,"line":238},[206,1027,992],{"class":212},[206,1029,1030],{"class":547}," nu",[206,1032,551],{"class":212},[206,1034,1035],{"class":216}," { key: newKey, maxAge: ",[206,1037,1003],{"class":295},[206,1039,1006],{"class":216},[206,1041,1009],{"class":212},[206,1043,1012],{"class":511},[206,1045,299],{"class":216},[206,1047,1048],{"class":208,"line":244},[206,1049,503],{"emptyLinePlaceholder":502},[206,1051,1052,1054,1056,1058,1061,1063,1065,1067,1069,1071,1073],{"class":208,"line":250},[206,1053,508],{"class":216},[206,1055,512],{"class":511},[206,1057,515],{"class":216},[206,1059,1060],{"class":295},"\"\u002Frotate-keys\"",[206,1062,521],{"class":216},[206,1064,524],{"class":212},[206,1066,527],{"class":216},[206,1068,531],{"class":530},[206,1070,534],{"class":216},[206,1072,537],{"class":212},[206,1074,217],{"class":216},[206,1076,1077,1079,1081,1083,1085,1087],{"class":208,"line":256},[206,1078,544],{"class":212},[206,1080,904],{"class":547},[206,1082,551],{"class":212},[206,1084,581],{"class":212},[206,1086,739],{"class":511},[206,1088,1089],{"class":216},"(event, old);\n",[206,1091,1092,1094,1096,1098,1101,1104,1106,1108,1110,1113,1115,1118],{"class":208,"line":262},[206,1093,919],{"class":212},[206,1095,527],{"class":216},[206,1097,752],{"class":212},[206,1099,1100],{"class":216},"session.data.userId) ",[206,1102,1103],{"class":212},"throw",[206,1105,934],{"class":212},[206,1107,937],{"class":511},[206,1109,515],{"class":216},[206,1111,1112],{"class":295},"\"Not authenticated\"",[206,1114,945],{"class":216},[206,1116,1117],{"class":547},"401",[206,1119,951],{"class":216},[206,1121,1122],{"class":208,"line":268},[206,1123,503],{"emptyLinePlaceholder":502},[206,1125,1126,1128,1131,1133],{"class":208,"line":274},[206,1127,544],{"class":212},[206,1129,1130],{"class":547}," data",[206,1132,551],{"class":212},[206,1134,1135],{"class":216}," session.data;\n",[206,1137,1138,1140,1143],{"class":208,"line":280},[206,1139,643],{"class":212},[206,1141,1142],{"class":511}," clearJWESession",[206,1144,1089],{"class":216},[206,1146,1147,1149,1152],{"class":208,"line":286},[206,1148,643],{"class":212},[206,1150,1151],{"class":511}," updateJWESession",[206,1153,1154],{"class":216},"(event, nu, data);\n",[206,1156,1157],{"class":208,"line":664},[206,1158,503],{"emptyLinePlaceholder":502},[206,1160,1161,1163,1165,1167],{"class":208,"line":679},[206,1162,667],{"class":212},[206,1164,670],{"class":216},[206,1166,673],{"class":547},[206,1168,676],{"class":216},[206,1170,1172],{"class":208,"line":1171},16,[206,1173,682],{"class":216},[316,1175,1177],{"id":1176},"when-to-stay-high-level","When to stay high-level",[173,1179,1180,1181,306,1183,1185],{},"Reach for the lower-level functions only when you need the specific behavior they expose. For anything that fits the \"one session per request\" shape, ",[176,1182,178],{},[176,1184,182],{}," — plus hooks — will be shorter and less error-prone.",[316,1187,1189],{"id":1188},"see-also","See also",[1191,1192,1193,1199,1204],"ul",{},[1194,1195,1196],"li",{},[691,1197,1198],{"href":157},"H3 sessions →",[1194,1200,1201],{},[691,1202,1203],{"href":161},"Lifecycle hooks →",[1194,1205,1206],{},[691,1207,1208],{"href":96},"Example: refresh-token pattern →",[1210,1211,1212],"style",{},"html pre.shiki code .so5gQ, html code.shiki .so5gQ{--shiki-light:#D73A49;--shiki-default:#F97583;--shiki-dark:#F97583}html pre.shiki code .slsVL, html code.shiki .slsVL{--shiki-light:#24292E;--shiki-default:#E1E4E8;--shiki-dark:#E1E4E8}html pre.shiki code .sfrk1, html code.shiki .sfrk1{--shiki-light:#032F62;--shiki-default:#9ECBFF;--shiki-dark:#9ECBFF}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html pre.shiki code .shcOC, html code.shiki .shcOC{--shiki-light:#6F42C1;--shiki-default:#B392F0;--shiki-dark:#B392F0}html pre.shiki code .sQHwn, html code.shiki .sQHwn{--shiki-light:#E36209;--shiki-default:#FFAB70;--shiki-dark:#FFAB70}html pre.shiki code .suiK_, html code.shiki .suiK_{--shiki-light:#005CC5;--shiki-default:#79B8FF;--shiki-dark:#79B8FF}html pre.shiki code .sCsY4, html code.shiki .sCsY4{--shiki-light:#6A737D;--shiki-default:#6A737D;--shiki-dark:#6A737D}",{"title":202,"searchDepth":220,"depth":220,"links":1214},[1215,1216,1217,1223,1224],{"id":318,"depth":220,"text":319},{"id":402,"depth":220,"text":403},{"id":466,"depth":220,"text":467,"children":1218},[1219,1220,1221,1222],{"id":471,"depth":226,"text":472},{"id":685,"depth":226,"text":686},{"id":812,"depth":226,"text":813},{"id":972,"depth":226,"text":973},{"id":1176,"depth":220,"text":1177},{"id":1188,"depth":220,"text":1189},"md",{},{},{"title":164,"description":202},"PZYiA2pnwOgpaPjEECe7ych1-TARWGf-7GkWjxY990Y",[1231,1232],{"title":160,"path":161,"stem":162,"description":202,"children":-1},null,1776888562368]