Covers the essentials of JWT-based session management with Redis storage, token refresh flows, and secure cookie configuration. You get working code for generating access and refresh tokens with different lifespans, a Redis-backed session store that handles multiple sessions per user, and proper cookie settings, including the httpOnly and sameSite flags. The refresh endpoint implementation is straightforward, and the security guidelines are practical reminders: use HTTPS only, avoid transmitting tokens in URLs, and validate signatures. Use this when you're setting up authentication from scratch or need to replace an insecure session system. The Redis integration is particularly useful if you need to invalidate all sessions for a user during logout or password changes.
npx skills add https://github.com/secondsky/claude-skills --skill session-management