Session Keys have two components
- An Ephemeral Keypair, intended to be used as a secondary signer in the target program.
- A Session Token, a PDA containing information about expiry and scope of the keypair.
How do they work?

- Ephemeral Keys are stored on the client side, to invoke transactions.
- The transactions invoked by these ephemeral keys are validated in the target program for their validity, expiry and scope.
- Every transaction needs to present both the ephemeral signer and the session token
- This is the general idea behind account abstraction, where instead of just an externally owned key there is also smart contract that enhances security.