Session keys are restricted, short-lived keys that a user delegates to a third party. The delegate can sign transactions on the user’s behalf, but only within the bounds the user defined. The user’s main account key is never shared. Rhinestone’s Smart Sessions module implements session keys as an ERC-7579 validator. It is multichain-compatible and works with all supported smart account implementations and smart EOAs.
How they work
When a user creates a session, they define:
- Owners: who holds the session key (your app, an agent, a smart contract)
- Actions: which contracts and functions the key is allowed to call
- Policies: constraints on those actions (spending limits, time windows, usage limits)
What they enable
- 1-click UX: users pre-approve a set of actions, then your app executes them instantly with no wallet prompts. Common in trading apps, games, and subscription flows.
- Automated transactions: delegate to a bot, agent, or smart contract to execute on the user’s behalf within predefined limits. The user retains full control and can revoke at any time.
- Crosschain automation: Smart Sessions is multichain-aware. A single session approval can authorize actions across multiple chains, consistent with Warp’s single-signature intent model.
Trust model
Session keys do not grant unrestricted access to the account. They are constrained by:
- The specific contracts and function selectors allowed in the session
- Any policies applied (spending limits, timeframe, usage count)
- The session expiry
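The constraints listed above, modelled as an added example that is not Rhinestone's code or the Smart Sessions API. Every type, field and function name here is an assumption chosen for illustration, and the sample session is constructed; the real checks are enforced on-chain by the validator module.

```typescript
// Added illustration: a simplified off-chain model of the bounds a session imposes.
// All type, field and function names are assumptions, not the Smart Sessions API.
interface AllowedAction { target: string; selector: string } // contract + 4-byte selector
interface SessionSpec {
  owner: string;            // holder of the session key
  actions: AllowedAction[]; // allowlist of (contract, selector) pairs
  spendLimit: number;       // policy: total value the key may move
  maxUses: number;          // policy: usage count
  validAfter: number;       // policy: start of time window (unix seconds)
  validUntil: number;       // session expiry (unix seconds)
  revoked: boolean;         // set when the user revokes the session
}
interface SessionCall { signer: string; target: string; selector: string; value: number; time: number }
interface SessionUsage { spent: number; uses: number }

const same = (a: string, b: string): boolean => a.toLowerCase() === b.toLowerCase();

// Returns null when the call is inside the session's bounds, otherwise the denial reason.
function denyReason(s: SessionSpec, u: SessionUsage, c: SessionCall): string | null {
  if (s.revoked) return "session revoked";
  if (!same(c.signer, s.owner)) return "signer is not the session owner";
  if (c.time < s.validAfter) return "outside time window";
  if (c.time > s.validUntil) return "session expired";
  // Default deny: contract AND selector must both match a single allowlist entry.
  if (!s.actions.some(a => same(a.target, c.target) && same(a.selector, c.selector)))
    return "action not allowed";
  if (u.uses + 1 > s.maxUses) return "usage limit reached";
  if (u.spent + c.value > s.spendLimit) return "spending limit exceeded";
  return null;
}

// Limits are cumulative, so usage is recorded only for calls that pass.
function record(s: SessionSpec, u: SessionUsage, c: SessionCall): SessionUsage {
  return denyReason(s, u, c) === null ? { spent: u.spent + c.value, uses: u.uses + 1 } : u;
}

// Constructed sample data (placeholder addresses; 0xa9059cbb is ERC-20 transfer).
const TOKEN = "0x1111111111111111111111111111111111111111";
const AGENT = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const session: SessionSpec = {
  owner: AGENT, actions: [{ target: TOKEN, selector: "0xa9059cbb" }],
  spendLimit: 100, maxUses: 3, validAfter: 1000, validUntil: 2000, revoked: false,
};
const transfer: SessionCall = { signer: AGENT, target: TOKEN, selector: "0xa9059cbb", value: 60, time: 1500 };
```

When reviewing a session definition, note that an entry allowing one selector on a contract says nothing about its other functions: in this model a call to `0x095ea7b3` (ERC-20 approve) on the same token is denied.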
Next steps
Smart Sessions guide
Full API reference: owners, actions, policies, and multi-session signatures.
Session keys tutorial
Build a working session key integration step by step.