I’m beginning to familiarize myself with the Auth0 documentation, and I have a couple of questions about interacting with stateful sessions and cookies. To be clear, I’m designing a new system, and I’d like to incorporate stateful session data. One capability I’d like is to revoke a malicious user’s session at will, i.e. by deleting a database record.
I noticed that there is an Auth0 Session Layer that is said to maintain a session on the Authorization Server. However, the Auth0 Management API doesn’t refer to any endpoints that would let me interact with this session data. Is there a way to do so?
Reading further, I noticed a suggestion in the Cookies documentation that says it “requires a database to store the session data (but most web applications already have this).” Does this mean I cannot interact with the session data referred to above?
It’s acceptable that I store such session data in another place (e.g. a Redis cache) but I’d like to explore what options I have before making a decision.
What does the Auth0 team and/or community recommend doing for adding stateful session management into their system architectures?
Thanks for your help!