Sign in [ SIWE ]

Wallet connection alone does not create a server session. THORNado uses the Sign-In with Ethereum standard to verify wallet ownership and issue a session token.

How it works

  1. The client requests a one-time nonce from GET /api/auth/nonce.

  2. A structured SIWE message is constructed with your address, the nonce, chain ID, and domain.

  3. You sign the message in your wallet. No gas is required.

  4. The signed message is sent to POST /api/auth/verify. The server validates the signature, stores a JWT in an HTTP-only cookie (thornado_auth), and returns your address.
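
The nonce, domain and chain binding behind steps 1, 2 and 4, as an added example that is not THORNado's code. The domain `app.example`, chain ID 1, the 5-minute nonce lifetime and all function names are assumptions, and signature recovery is left to a vetted library.

```javascript
// Added example, not THORNado code. All names and EXPECTED values are assumptions.
const crypto = require('node:crypto');

const EXPECTED = { domain: 'app.example', chainId: 1 }; // constructed values
const pending = new Map(); // nonce -> expiry in ms (in-memory store for the demo)

// Step 1: issue a random, short-lived nonce (5-minute validity is an assumption).
function issueNonce(now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pending.set(nonce, now + 5 * 60 * 1000);
  return nonce;
}

// Step 2: the EIP-4361 text the wallet signs.
function buildMessage({ domain, address, chainId, nonce, issuedAt }) {
  return `${domain} wants you to sign in with your Ethereum account:\n` +
    `${address}\n\nSign in\n\nURI: https://${domain}\nVersion: 1\n` +
    `Chain ID: ${chainId}\nNonce: ${nonce}\nIssued At: ${issuedAt}`;
}

function parseMessage(text) {
  const lines = text.split('\n');
  const head = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0]);
  if (!head || !/^0x[0-9a-fA-F]{40}$/.test(lines[1] || '')) return null;
  // Tagged fields start at line index 4 or later; skipping the earlier lines
  // keeps a statement such as "Nonce: ..." from being read as a field.
  const field = (name) => {
    const hit = lines.slice(4).find((l) => l.startsWith(name + ': '));
    return hit ? hit.slice(name.length + 2) : null;
  };
  return { domain: head[1], address: lines[1],
    chainId: Number(field('Chain ID')), nonce: field('Nonce') };
}

// Step 4, field checks only: the server must also recover the signer from the
// signature (with a vetted library) and compare it to the address in the message.
function checkSiweFields(text, now = Date.now()) {
  const msg = parseMessage(text);
  if (!msg) return { ok: false, reason: 'malformed' };
  const expiry = pending.get(msg.nonce);
  pending.delete(msg.nonce); // one-time: any attempt burns the nonce
  if (expiry === undefined) return { ok: false, reason: 'nonce' };
  if (now > expiry) return { ok: false, reason: 'expired' };
  if (msg.domain !== EXPECTED.domain) return { ok: false, reason: 'domain' };
  if (msg.chainId !== EXPECTED.chainId) return { ok: false, reason: 'chain' };
  return { ok: true, sessionAddress: msg.address.toLowerCase() };
}
```

Replaying a message fails with `nonce` because the first attempt already consumed it, and a message signed for another site or chain fails before any session would be issued.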

Session details

The session is stored as an HTTP-only cookie with a 24-hour lifetime. It contains only your Ethereum address in lowercase. There is no separate user profile, email, or password involved.

If you switch accounts in your wallet without signing out, the session address and wallet address may diverge. The Account page detects this and triggers a new SIWE flow automatically.

Important distinction

Three separate identity layers exist in THORNado and should not be confused:

| Layer | Purpose |
| --- | --- |
| Server session (SIWE) | Authenticates you to the THORNado gateway. Required for any server-side feature. |
| Wallet (wagmi) | The currently connected address in the browser extension. Used for signing transactions. |
| Nado (engine) | On-chain and engine-level trading identity. Operates independently from the THORNado session. |
