When a user returns to your application, why make them wait? H33's new session resume feature re-authenticates returning users in just 50 microseconds—that's 4.4x faster than a full authentication and essentially instant from a user's perspective.
Session Resume Performance
Session Resume: 50µs
Full Auth (Turbo): 1.28ms
Speedup: 4.4x faster
User perception: Instant
How Session Resume Works
Traditional authentication re-verifies everything on each request: biometrics, cryptographic proofs, and attestations. This is wasteful when the user's context hasn't changed.
Session resume takes a smarter approach:
- Context preservation: Session state is encrypted and cached server-side
- Cryptographic binding: Session tokens are bound to device fingerprints
- Proof reuse: Valid ZK proofs are cached and verified in 32µs
- Delta detection: Only re-verify what's actually changed
// First authentication - full verification
const initial = await h33.auth.fullStack({
userId: 'user_123',
biometric: faceData,
mode: 'turbo'
});
// 1.28ms - creates session context
// Session resume - lightning fast
const resumed = await h33.session.resume({
sessionId: initial.sessionId,
deviceFingerprint: fingerprint
});
// 50µs - verifies cached contextSecurity Without Compromise
Speed doesn't mean sacrificing security. Session resume maintains full cryptographic verification:
- Session tokens are signed with Dilithium3 (post-quantum secure)
- Device binding prevents session hijacking across devices
- Time-limited validity with configurable expiration
- Anomaly detection triggers full re-authentication when needed
When Full Auth is Required
Session resume automatically falls back to full authentication when:
- Session has expired
- Device fingerprint doesn't match
- IP geolocation changes significantly
- Risk score exceeds threshold
- Sensitive operation is requested
This adaptive approach gives you speed for normal operations and full security when it matters.
Performance Comparison
| Operation | Latency |
|---|---|
| Full Auth (Turbo) | 1.28ms |
| Full Auth (Standard) | 633µs |
| Session Resume | 50µs |
| Cached Proof Verify | 32µs |
Implementation Guide
// Configure session management
const sessionManager = h33.createSessionManager({
ttl: '24h', // Session lifetime
resumeWindow: '1h', // Resume without re-auth
deviceBinding: true, // Require device match
riskThreshold: 0.7 // Trigger full auth above this
});
// Middleware for automatic session handling
app.use(sessionManager.middleware());
// In your routes, authentication is automatic
app.get('/dashboard', async (req, res) => {
// req.auth is populated - either from resume (50µs)
// or full auth (1.28ms) based on context
const user = req.auth.user;
// ...
});Real-World Impact
For a typical user session with 50 API calls:
- Without session resume: 50 × 1.28ms = 11,000µs total auth overhead
- With session resume: 1 × 1.28ms + 49 × 50µs = 2,670µs total
- Savings: 76% reduction in authentication latency
For high-frequency applications like real-time collaboration or gaming, this difference is transformative.
Enable 50µs Session Resume
Upgrade your authentication with instant session resume. Get started with 1,000 free auths.
Get Free API Key