handle sessions or API keys

Insufficient docs to answer fully.

Missing information

• Recommended patterns for session cookies (security flags) and API key auth (header/query).
• Any built-in helpers or plugins for API key/session management.

See also

• how_do_i/missing-info.md:1