Request & Session Lifecycle

Request Lifecycle

• A request is sent to a protected API.

• The API checks whether access is allowed.

• If access is not allowed, a requirement is returned.

• The requester fulfills the requirement.

• Sestra validates the fulfillment.

• Access is granted for a limited time.

• The session expires automatically.

Session Lifecycle

A session goes through these states:

• created

• pending

• fulfilled

• active

• expired

Sessions are temporary. They cannot be reused after expiration.