# Guide: Auth (Page Coming Soon)

Patterns for session, cookies, and user state.

- Reading/writing cookies via `event.cookies`
- Session management via `event.session`
- Protecting routes (check auth, redirect or return 401)
- Client-side state reflection at `document.bindings.user`

See API:
- [HttpUser](/api/webflo-routing/HttpUser)
- [HttpCookies](/api/webflo-routing/HttpCookies)
- [HttpSession](/api/webflo-routing/HttpSession)