# Strong vs weak sessions

A **strong** session is one that should have the power to do account-level admin tasks, like changing the password.

A **weak** session has strictly fewer privileges than a strong session.

## Where to get a strong session

A strong session is created when a user provides a username and a password. A session remains strong until it is refreshed, at which point it becomes weak.

## Where to get a weak session

A weak session is any session that has not been directly created by user credentials, i.e.:

* short-term session refresh
* long-term session refresh
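
The rules above as a minimal model, added here as an illustration and not taken from the project's own code: login is the only source of a strong session, any refresh returns a weak one, and an account-level task checks strength before acting. The names `Session`, `Strength`, `login`, `refresh`, `change_password` and the `USERS` store are hypothetical.

```python
import secrets
from dataclasses import dataclass
from enum import Enum


class Strength(Enum):
    WEAK = 1
    STRONG = 2


@dataclass(frozen=True)
class Session:
    token: str
    user: str
    strength: Strength


# Constructed credential store for the demo; a real service would verify a
# salted password hash instead of holding plaintext.
USERS = {"alice": "correct horse battery staple"}


def login(user: str, password: str) -> Session:
    """Username + password is the only path that yields a strong session."""
    expected = USERS.get(user)
    if expected is None or not secrets.compare_digest(
        expected.encode(), password.encode()
    ):
        raise PermissionError("invalid credentials")
    return Session(secrets.token_urlsafe(32), user, Strength.STRONG)


def refresh(session: Session) -> Session:
    """Short-term or long-term refresh: new token, always weak."""
    # Strength is never copied from the input, so a refresh cannot
    # preserve or regain strong privileges.
    return Session(secrets.token_urlsafe(32), session.user, Strength.WEAK)


def change_password(session: Session, new_password: str) -> None:
    """Account-level admin task: refuse anything but a strong session."""
    if session.strength is not Strength.STRONG:
        raise PermissionError("strong session required; log in again")
    USERS[session.user] = new_password
```

The strength check lives in the privileged operation itself, so a refreshed session is rejected there regardless of how the caller obtained it.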