I think having a more stable session identifier available in rules is something already tracked or at least that I have seen discussed. However, I would suggest that you leave both suggestion at Auth0: Secure access for everyone. But not just anyone.. The submission of feedback through that channel is reviewed directly by the product team so it’s the best way to perform suggestion or make feature requests.