Yes, it is possible to use the Ory Session Cookie to fetch a session. When a user signs in through the browser-based login flow, an Ory Session Cookie is issued. To get the session payload, you can send a request to the

/sessions/whoami

endpoint. Here is an example of how to do this in a React application:

javascript import { Configuration, FrontendApi, Session } from "@ory/client"   import { useEffect, useState } from "react"      const frontend = new FrontendApi(     new Configuration({       basePath: "<http://localhost:4000>", // Use your local Ory Tunnel URL       baseOptions: {         withCredentials: true,       },     }),   )      export function checkSession() {     const [session, setSession] = useState<Session>(undefined)        useEffect(() => {       frontend         // the cookie is automatically sent with the request         .toSession()         .then(({ data: session }) => {           setSession(session)         })         .catch((error) => {           // The session could not be fetched           // This might occur if the current session has expired         })     }, [])        return session ? (       <table>         <tr>           <th>Session ID</th>           <th>Expires at</th>           <th>Authenticated at</th>         </tr>         <tr id={session.id}>           <td>{session.id}</td>           <td>{session.expires_at || ""}</td>           <td>{session.authenticated_at || ""}</td>         </tr>       </table>     ) : (       <div>Loading session data...</div>     )   }

However, it's important to note that Ory Session Cookies and Ory Session Tokens are used in different contexts. Ory Session Cookies are used when the interaction is performed through a web browser, while Ory Session Tokens are used when the interaction is performed by a client other than a web browser, for example, a native mobile app. For security reasons, you can't break the isolation between cookies and session tokens. If you need to convert an Ory Session to a JSON Web Token (JWT), Ory provides a guide on how to do this. This might be useful in contexts where relying on Cookies is not possible, such as making a cross-origin (CORS) request where including the Ory Session Cookie is not trivial or possible, or when you need a JWT which represents a signed-in user. Sources: - [Using Ory Session Cookie](https://www.ory.sh/docs/kratos/session-management/overview#using-ory-session-cookie) - [Ory Session Management Overview](https://www.ory.sh/docs/kratos/session-management/overview) - [Convert Ory Sessions to JSON Web Tokens](https://www.ory.sh/docs/identities/session-to-jwt-cors)