Hi @rp_st, for my understandings with sessions management. We have different session verification flows 1. using verifySession 2. using getSession 3. manually verifying jwt Here, if I have a separate backend application running with APIs exposes, can I try to use those APIs in the verifySession, like using node backend as a middleware between frontend and my backend application. By doing this, I'm not going to use any verification methods on my backend application so that APIs are just directly accessed from nodejs. Is this suggested?

> can I try to use those APIs in the verifySession I didn't quite understand this. Maybe rephrase a bit?

Yes, so the APIs from my backend will be called from the nodeJs backend APIs is what I meant. Basically, nodeJs being the API gateway for my backend application. By this, frontend will always communicate with nodeJs apis which in turn verifies and call my backend app apis.

right. So in the node js backend (which is the api gateway one), you can use verifySession for sure, and then pass through the user ID to the other backend in the request header for example.

So the question is, once used verifySession, should I again check the jwt in my backend applications? or is it overkill?

no need.

Got it, Thanks.