---
descriptions:
  authentication:
    authenticated: Whether or not the user was successfully authenticated.
    session_data: WorkOS session cookie value from the user's browser.
    cookie_password_unseal: >
      Password used to unseal the session cookie. Must be the same as the
      password used to seal the cookie. Can optionally be specified as the
      `WORKOS_COOKIE_PASSWORD` environment variable.
reference:
  js:
    - key: authenticateWithSessionCookie
      id: authenticate_with_session_cookie
      url: /reference/authkit/authentication/session-cookie
      title: userManagement.authenticateWithSessionCookie()
      parameters:
        - key: options
          type: object
          unwrap: true
          properties:
            - key: sessionData
              type: string
              description: (authentication.session_data)
            - key: cookiePassword
              type: string
              description: (authentication.cookie_password_unseal)
      returns:
        - key: anonymous
          type: object
          unwrap: true
          properties:
            - key: authenticated
              type: boolean
              description: (authentication.authenticated)
            - key: sessionId
              type: string
              description: (access_token.session_id)
            - key: organizationId
              type: string
              optional: true
              description: (authentication.organization_id)
            - key: role
              type: string
              optional: true
              description: (access_token.role)
            - key: roles
              type: array
              optional: true
              description: (access_token.roles)
            - key: permissions
              type: string
              optional: true
              description: (access_token.permissions)
            - key: reason
              type: >-
                "invalid_jwt" | "invalid_session_cookie" |
                "no_session_cookie_provided"
              optional: true
              description: >-
                The reason authentication failed. Only present if `authenticated
                = false`.
originalPath: >-
  .tmp-workos-clone/packages/docs/content/reference/authkit/authentication/session-cookie.mdx
---

## Authenticate with session cookie

Authenticates a user using an AuthKit session cookie. This method does not make a network call, but simply unseals an existing session cookie and decodes the JWT claims from the [access token](/reference/authkit/session-tokens/access-token).

<CodeBlock referenceId="authenticate_with_session_cookie">
  <CodeBlockTab
    title="Request"
    file="authenticate-with-session-cookie-request"
  />
  <CodeBlockTab
    title="Success response"
    file="authenticate-with-session-cookie-success-response"
  />
  <CodeBlockTab
    title="Failure response"
    file="authenticate-with-session-cookie-failure-response"
  />
</CodeBlock>