Session Management by Clerk

Hello Product Hunt! We're incredibly excited to release Clerk's new Session Management service today. We've been building this for the past few months, but dreaming about it for over a year.

The big deal about this launch is that we didn't cut any corners. We've known we wanted to build a "stateless" authentication strategy because it leads to the fastest-possible authentication speeds. But, we've also known that stateless architectures are often selected at the expense of security - and that's unacceptable to us.

We built our session management service to be both high-speed and high-security. Our strategy is stateless (under 1ms authentication!), but our tokens are configured to expire in just 60 seconds to ensure that sessions can still be revoked.

And we didn't stop there... * We include a frontend UI component so your users can see their Active Devices and choose to sign out from them if necessary * We enable your users to sign into multiple accounts on a single device, and we include a frontend UI component so they can switch between accounts (just like Google and Twitter) * We scoured the OWASP and NIST literature to ensure that we protect against common threats against sessions (like CSRF, session fixation, and XSS leaks) * Everything is completely language- and framework-agnostic. Today, we have SDKs for Next.js (including for new edge middleware!), React, Node, Ruby, Rails, and Go.

Session Management is now included in every Clerk plan, and free for up to 500 monthly active users.

Our team will be watching this post throughout the day and we're happy to answer any questions!