Yes. You don't need to implement session management yourself. We do that for you. We also issue JWTs which you can send off to other services (if they expect a JWT). Our version of auth0 rules is called "override". It's like inheritance in which you create a child class of the parent class (which is our implementation), and override the default implementation with your custom logic. You can learn more about it in the advanced customisation section for the recipe you choose.