> ## Documentation Index
> Fetch the complete documentation index at: https://docs-dev-docs-event-stream-action-templates.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

> Learn about Auth0 session metadata

# Session Metadata

Session metadata allows the storage of customizable keys and values (maximum 255 characters each) in an Auth0 user [session](/docs/manage-users/sessions).

Use cases for session metadata include:

* Track device information, such as device name or login location
* Store session-level flags, for example, `user_accepted_terms`
* Share state between multiple Actions in the same flow
* Drive conditional logic for logout or token issuance

You can use session metadata information downstream systems such as audit, analytics, and revocation pipelines that may need to be aware of a user’s organization data.

To learn more, read [Use case: Organization Information in Session Metadata](/docs/manage-users/sessions/session-metadata/add-organization-information).

You can access and modify session metadata during a session’s [lifecycle](/docs/manage-users/sessions/session-lifecycle) using Auth0 [Actions](/docs/customize/actions/explore-triggers/signup-and-login-triggers/login-trigger) and the [Management API](https://auth0.com/docs/api/management/v2). In addition, you can include session metadata in the [OpenID Connect Back-Channel Logout](/docs/authenticate/login/logout/back-channel-logout) token.

To learn more, read [how to Configure Session Metadata](/docs/manage-users/sessions/session-metadata/configure-session-metadata).

<Warning>
  Auth0 Session Metadata is not a secure data store and should not be used to store sensitive information. This includes secrets and high-risk PII like social security numbers or credit card numbers, etc. Auth0 customers are strongly encouraged to evaluate the data stored in metadata and only store that which is necessary for identity and access management purposes. To learn more, read [Auth0 General Data Protection Regulation Compliance](/docs/secure/data-privacy-and-compliance/gdpr).
</Warning>

## Limitations

* Session metadata is available only when created in a browser-based session
* Auth0 does not support session metadata with the following:
  * Resource Owner Password Flow
  * Native Passkeys
  * Native Social Logins such as Sign in with Apple, Google, or Facebook