Session Key

A limited-permission cryptographic key that authorizes specific actions without revealing the master key.

Last Updated

2026-03-29

Related Concepts

Private Key, Wallet, Account Abstraction, Smart Account

What is Session Key?

A session key is a temporary cryptographic key with restricted permissions that authorizes specific on-chain actions without exposing your master private key. It delegates limited signing authority for a defined scope and time window.

How does Session Key work?

  1. A smart account generates a session key with defined rules: allowed contracts, spending limits, and an expiry time.
  2. The session key signs transactions automatically within those boundaries.
  3. Actions outside the defined scope are rejected by the smart contract.
  4. The session key expires or can be revoked at any time.
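The four steps above, modelled off-chain as an added example (not code from this page or from any wallet project). The class names, the `sk-demo` key identifier, the `0xGAME` and `0xOTHER` addresses and the per-transaction interpretation of the spending limit are assumptions made for illustration; signature verification is left out so the scope checks stand alone.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SessionPolicy:
    session_key: str              # identifier of the session key (constructed)
    allowed_contracts: frozenset  # contracts this key may call
    max_spend_per_tx: int         # spending limit per transaction (assumed unit)
    expires_at: int               # Unix time at which the key stops being valid


class SmartAccount:
    """Hypothetical model of the checks a smart account applies to a session key."""

    def __init__(self):
        self._policies = {}

    def grant(self, policy):
        self._policies[policy.session_key] = policy

    def revoke(self, session_key):
        # Revocation removes the policy, so later requests are rejected.
        self._policies.pop(session_key, None)

    def validate(self, session_key, target, value, now):
        """Return (accepted, reason) for one requested action."""
        policy = self._policies.get(session_key)
        if policy is None:
            return False, "unknown or revoked key"
        if now >= policy.expires_at:
            return False, "expired"
        if target not in policy.allowed_contracts:
            return False, "contract not allowed"
        if value < 0 or value > policy.max_spend_per_tx:
            return False, "over spending limit"
        return True, "ok"


def demo():
    # Constructed sample: one allowed contract, limit 100, expiry at t=1000.
    account = SmartAccount()
    account.grant(SessionPolicy("sk-demo", frozenset({"0xGAME"}), 100, 1_000))
    results = [
        account.validate("sk-demo", "0xGAME", 40, now=500),    # in scope
        account.validate("sk-demo", "0xGAME", 250, now=500),   # exceeds limit
        account.validate("sk-demo", "0xOTHER", 40, now=500),   # wrong contract
        account.validate("sk-demo", "0xGAME", 40, now=1_000),  # past expiry
    ]
    account.revoke("sk-demo")
    results.append(account.validate("sk-demo", "0xGAME", 40, now=500))
    return results
```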

Why does Session Key matter?

It enables smooth in-app experiences like games or DeFi bots without requiring the user to manually sign every transaction, while keeping the master key fully isolated.

Key features of Session Key

  • Scoped permissions cannot exceed defined contract or spend limits
  • Time-limited with automatic expiry
  • Reduces signing friction for repeated actions
  • Leaked session keys cause limited damage compared to a leaked master key

Examples of Session Key

A Web3 game grants a session key that can handle NFT trades up to $100 per transaction but cannot transfer funds to external addresses. Account abstraction wallets like Argent use session keys for gasless, seamless in-game actions.
