Library session
Design References
Contract
Session displays safe session state projected by the host. Missing optional display fields collapse. Tokens, CSRF values, refresh tokens, cookies, and provider secrets are never rendered.
Session handling stays in the host runtime. Components may receive public user or account labels, scope summaries, and sign-in state, but they must not read authorization headers directly.
Consequence
The session component can render user context without becoming an auth layer.
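A sketch of the contract above, added here as an illustration and not taken from the library's own code: the host builds the display view from an allow-list, and the component fails closed on any field outside it. The names `projectSession`, `renderSession`, `DISPLAY_FIELDS` and every field name are assumptions.

```javascript
// Added example. Function and field names are hypothetical, not the library's API.

// Only these keys may cross from the host runtime into the component.
const DISPLAY_FIELDS = ["signedIn", "userLabel", "accountLabel", "scopeSummary"];

// Host side: build the view from an allow-list instead of deleting
// known-bad keys from the raw session, so new secret fields never leak by default.
function projectSession(raw) {
  const view = { signedIn: Boolean(raw) && raw.signedIn === true };
  for (const key of DISPLAY_FIELDS) {
    if (key === "signedIn") continue;
    const value = raw ? raw[key] : undefined;
    // Optional labels: keep only non-empty strings so absent ones can collapse.
    if (typeof value === "string" && value.trim() !== "") view[key] = value.trim();
  }
  return Object.freeze(view);
}

// Component side: accept only allow-listed keys and fail closed on anything else.
function renderSession(view) {
  const unexpected = Object.keys(view).filter((k) => !DISPLAY_FIELDS.includes(k));
  if (unexpected.length > 0) {
    // Report the key name only, never the value, so a secret is not echoed into logs.
    throw new TypeError("unexpected session field: " + unexpected.join(", "));
  }
  if (!view.signedIn) return "Signed out";
  // Missing optional display fields collapse: no placeholder, no empty separator.
  const shown = [view.userLabel, view.accountLabel, view.scopeSummary].filter(
    (part) => typeof part === "string" && part !== ""
  );
  return shown.length > 0 ? shown.join(" | ") : "Signed in";
}

// Constructed sample of a raw host session; all values are placeholders.
const rawSession = {
  signedIn: true,
  userLabel: "Ada L.",
  scopeSummary: "read, write",
  accessToken: "PLACEHOLDER-ACCESS-TOKEN",
  refreshToken: "PLACEHOLDER-REFRESH-TOKEN",
  csrf: "PLACEHOLDER-CSRF",
};
```

The returned string is plain text and should be inserted as text content, not as markup.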