@User > will using the same instance of supertokens on the backend to manage all four types of sessions be fine? Yes. Using one core implies that all sessions will be saved in the same db. But since each session is independent anyway, it should be fine. > but then a manual check of the JWT payload variable on the route to validate that the request comes from a session which was issued for the same frontend as that of the request. Yea.. this makes sense.