Session and Replay Protection

This page is intentionally limited to public-safe guidance.

Public Protection Model

  1. Authentication uses one-time nonce-based proof of wallet control.
  2. Access/session tokens are short-lived and scoped by use case.
  3. Replay attempts are rejected by server-side nonce/token state checks.

Public Integration Advice

  1. Always request fresh auth material when validation fails.
  2. Do not reuse expired or consumed session artifacts.
  3. Treat repeated auth/session failures as security signals, not normal retries.
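
The sketch below illustrates the server-side nonce state check from the protection model and the failure-as-signal advice above. It is an added example, not this project's code. The NonceStore class, its method names, the TTL, the failure threshold and the wallet labels are all assumptions, and verification of the wallet signature over the nonce is assumed to happen in the caller.

```python
import secrets
import time


class NonceStore:
    """Hypothetical in-memory state for single-use login nonces."""

    def __init__(self, ttl_seconds=120, clock=time.monotonic):
        self.ttl = ttl_seconds
        self.clock = clock
        self._pending = {}  # nonce -> (wallet, expires_at)
        self.failures = {}  # wallet -> number of rejected attempts

    def issue(self, wallet):
        """Create a fresh, unpredictable nonce bound to one wallet."""
        nonce = secrets.token_urlsafe(32)
        self._pending[nonce] = (wallet, self.clock() + self.ttl)
        return nonce

    def consume(self, wallet, nonce):
        """Return 'ok' at most once per nonce, otherwise a rejection reason."""
        # pop() removes the entry before any other check, so a nonce can
        # never be accepted twice, even when it is rejected as expired.
        # A multi-process deployment would need an atomic delete in a
        # shared store; a plain dict is used here only for illustration.
        entry = self._pending.pop(nonce, None)
        if entry is None:
            result = "unknown_or_replayed"
        elif entry[0] != wallet:
            result = "wallet_mismatch"
        elif self.clock() >= entry[1]:
            result = "expired"
        else:
            result = "ok"
        if result != "ok":
            # Count rejections per wallet so they can feed monitoring.
            self.failures[wallet] = self.failures.get(wallet, 0) + 1
        return result

    def is_suspicious(self, wallet, threshold=3):
        """True once a wallet has accumulated `threshold` rejections."""
        return self.failures.get(wallet, 0) >= threshold


if __name__ == "__main__":
    store = NonceStore()
    n = store.issue("wallet-A")  # constructed sample wallet label
    print(store.consume("wallet-A", n), store.consume("wallet-A", n))
```

A client that receives any result other than "ok" requests a new nonce instead of resubmitting the old one.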