Translations:Manual:SessionManager and AuthManager/11/en

Usually this means cookies holding the "session key" and the user's ID and token, but it could as easily be based on credentials in OAuth headers or a TLS client certificate.