@User It verifies the session. It expects the

sAccessToken

and

sIdRefreshToken

cookies in the request and attempts to use those to verify the session. If successful, it creates a

session

object inside the

req

object which can be used in your API to get user info and / or manipulate the session.