How can useUser() in the Auth0 nextjs-auth0 library lookup a user without reading cookies?

Auth0's useUser() attempts to fetch a logged in user from /api/auth/me, which calls handleAuth(), which initiates Auth0 (creates sessionCache instance, etc.) and calls profileHandler(req, res).

In the profileHandler, we see a call to sessionCache.isAuthenticated(req, res), which in turn checks the sessionCache instance for a previous session entry (key: req object, value: Encrypted object containing user info, access_token, id_token, etc.).

Since each API call, i.e. each call of handleAuth(), whether from /api/auth/me, /api/auth/login, or otherwise, is a separate serverless function call, will profileHandler (/api/auth/me) really ever find an entry in the sessionCache?

I know we add an entry there at login (in callbackHandler), but I do not understand how that cache value persists between two separate Serverless Function calls.

nextjs-auth0 states in the docs:

> By default, the session is stateless and stored in an encrypted
> cookie. But if you want a stateful session you can provide a store
> with get, set and destroy methods to store the session on the
> server.

So, we know it is stateless.

> I do not understand how that cache value persists between two separate Serverless Function calls.

The session is stored in a cookie and every separate Serverless Function call reads that cookie and populates the sessionCache (which stores the session in a WeakMap per request). The sessionCache is just there to make sure you can access the session multiple times during the lifecycle of a single request without having to read/decrypt the cookie every time.