Back to Docs
Recipe

Session Management

Persistent hardware-bound sessions with offline grace windows and automatic revalidation.

Overview

Meridian sessions bind a license to a specific machine fingerprint. Once activated, the session persists across reboots and network interruptions. A signed offline cache allows the product to run for up to 72 hours without phoning home.

Session Lifecycle

1

Activate

Fingerprint + license key sent to KeyAuth. Server returns signed session token.

2

Cache

Token written to disk with HMAC. Valid for offline use up to the grace window.

3

Revalidate

On reconnect, loader refreshes token silently. Expired sessions require re-auth.

Offline Grace

The loader stores an HMAC-signed blob containing the session expiry and hardware fingerprint. On startup without internet, it verifies the HMAC against a baked-in secret, checks the machine fingerprint hasn't changed, and allows execution if within the 72-hour window.

grace_cache :: session_token + hmac_sha256 + expiry_utc + hwid_hash

Circuit Breakers

Repeated auth failures trigger exponential backoff with jitter. After five consecutive failures, the loader enters a 15-minute cooldown. This prevents brute-force attempts and protects the KeyAuth rate limits.

Next: Hardware Fingerprinting — learn how Meridian derives a stable machine identity.