Hi team, I want to rely on access token payload data for some server logic, but want to make sure that it's secure to do that. When a session is verified on the server side, does it verify that the payload of that session has not been manipulated from the client side?

yes. That's exactly what it does.

Awesome 😄 Thank you!