---
title: Server-side sessions
description: Server-side sessions live in an internal datastore called the Core Token Service (CTS) token store.
component: pingoneaic
page_id: pingoneaic:am-sessions:server-side-sessions
canonical_url: https://docs.pingidentity.com/pingoneaic/am-sessions/server-side-sessions.html
keywords: ["Sessions", "Authentication", "CTS Store (Sessions &amp; Tokens)", "Storage"]
page_aliases: ["sessions-guide:cts-based-sessions.adoc cts-based-sessions.adoc"]
section_ids:
  server_side_journey_sessions: Server-side journey sessions
  server_side_authenticated_sessions: Server-side authenticated sessions
  server_side_sessions_and_in_memory_caching: Server-side sessions and in-memory caching
---

# Server-side sessions

Server-side sessions live in an internal datastore called the Core Token Service (CTS) token store.

When you configure Advanced Identity Cloud to use server-side sessions, Advanced Identity Cloud sends session references to clients. The references don't contain any session state information. Advanced Identity Cloud can modify a server-side session during its lifetime without changing the client's reference to the session.

## Server-side journey sessions

Advanced Identity Cloud uses *journey sessions* to manage progress through a journey.

While progressing through the journey, the session reference is returned to the client after each call to the `authenticate` endpoint and stored in the `authId` object of the JSON response.

Advanced Identity Cloud maintains the journey session in the CTS token store. After the journey has completed, Advanced Identity Cloud returns session state to the client and deletes the server-side authenticated session if the realm to which the user has authenticated is configured for client-side authenticated sessions.

## Server-side authenticated sessions

After the user has successfully authenticated, Advanced Identity Cloud returns a session reference, which is known as an *SSO token*.

For browser clients, Advanced Identity Cloud sets a cookie in the browser that contains the session reference.

For REST clients, Advanced Identity Cloud returns the session reference in response to calls to the `authentication` endpoint.

## Server-side sessions and in-memory caching

Server-side sessions can be cached in memory. When a session that's being requested is cached, session retrieval is nearly instantaneous.

Advanced Identity Cloud automatically caches server-side sessions after retrieving them from the CTS token store. No configuration is required to enable server-side session caching.