*** title: SessionManager slug: /reference/typescript/agents/configuration/session-manager description: Stateless HMAC-SHA256 token manager for SWAIG function call authentication and per-session metadata storage. max-toc-depth: 3 --------------------- For a complete index of all SignalWire documentation pages, fetch https://signalwire.com/docs/llms.txt `SessionManager` provides stateless HMAC-SHA256 token generation and validation for SWAIG function call authentication. Tokens encode a call ID, function name, expiry, and nonce, signed with a shared secret. It also supports per-session metadata storage with automatic cleanup. ```typescript {3} import { SessionManager } from '@signalwire/sdk'; const sm = new SessionManager(900); // 15-minute token expiry const token = sm.generateToken('get_weather', 'call-123'); const valid = sm.validateToken('call-123', 'get_weather', token); ``` ## **Constructor** Token validity duration in seconds. HMAC signing secret. A random 32-byte key is generated if omitted. ## **Methods** Return or generate a session identifier. Generate a signed token binding a function to a call ID. Alias for generateToken. Validate a token against expected call ID and function name. Alias for validateToken with reordered parameters. Decode token components without validating the signature. Retrieve metadata for a session. Merge metadata into a session. Remove expired session metadata entries. Delete all metadata for a session. ## **Example** ```typescript {3-4,7-8} import { SessionManager } from '@signalwire/sdk'; const sm = new SessionManager(); const token = sm.generateToken('get_weather', 'call-abc123'); // Later, validate the token const valid = sm.validateToken('call-abc123', 'get_weather', token); console.log('Token valid:', valid); // true ```