User sessions
Frontastic provides a user session that is primarily used by API hub code itself. However, if you implement a custom controller or use the Symfony framework for any other kind of extension, you can add custom data to this session on a fair use basis.
In this case, fair use means that a session should only contain references that identify resources belonging to the user in backend systems, for example, cart ID, user ID, account ID, and so on. These should be small strings and total less than 1kb of data. You should never put large chunks of data into a session, and you should never store the objects themselves.
If you're using our session, it's very hard to validate whether the data or an object is small or not, so we don't do this validation. It's up to you to make sure that you're only using references or IDs.
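Because that validation is left to you, one way to enforce it is a check that runs before every session write. This is an added example, not Frontastic or Symfony code. The function name, the 128-byte per-value cap, and the JSON-based size estimate are assumptions, and the sample data is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical helper for illustration; not part of Frontastic or Symfony.
const SESSION_BUDGET_BYTES = 1024; // the "less than 1kb" fair-use limit from the text
const MAX_REFERENCE_BYTES = 128;   // assumed cap for one "small string" reference

/**
 * Lists fair-use violations for the session as it would look after adding
 * $key => $value. An empty list means the write stays within fair use.
 */
function sessionFairUseViolations(array $current, string $key, mixed $value): array
{
    $violations = [];

    if (!is_string($value) && !is_int($value)) {
        // Arrays and objects are "the objects themselves", not references.
        $violations[] = sprintf('%s: %s is not a reference', $key, get_debug_type($value));
    } elseif (strlen((string) $value) > MAX_REFERENCE_BYTES) {
        $violations[] = sprintf('%s: value longer than %d bytes', $key, MAX_REFERENCE_BYTES);
    }

    $next = $current;
    $next[$key] = $value;

    // Size estimate only: keys and values encoded as JSON. The format the
    // session is actually stored in may differ (assumption).
    $size = strlen((string) json_encode($next, JSON_PARTIAL_OUTPUT_ON_ERROR));
    if ($size >= SESSION_BUDGET_BYTES) {
        $violations[] = sprintf('session would hold %d bytes, budget is %d', $size, SESSION_BUDGET_BYTES);
    }

    return $violations;
}

// Constructed sample data: a session that already holds two references.
$session = ['cartId' => 'cart-7f3a9c', 'accountId' => 'acc-10482'];
$cart = ['id' => 'cart-7f3a9c', 'lineItems' => array_fill(0, 40, ['sku' => 'SKU-0001', 'qty' => 1])];

var_dump(sessionFairUseViolations($session, 'userId', 'user-2291')); // adding one more ID
var_dump(sessionFairUseViolations($session, 'cart', $cart));         // adding the whole cart
```

If the session is reached through Symfony's `SessionInterface` (an assumption about your setup), pass `$session->all()` as `$current` and call the check before `$session->set()`.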
Updated almost 2 years ago