# Smart Sessions Overview

> Grant dApps temporary, limited permissions instead of requiring approval for every transaction.

## What Are Smart Sessions?

Smart Sessions are the key to a Web2-like user experience in your dApp. Instead of asking users to approve every single transaction, a Smart Session allows a user to grant your dApp a temporary, secure, and strictly limited set of permissions.

Think of it less like handing over a master key, and more like giving your application a special-purpose keycard with clear rules and an expiration date.

This is useful for enabling features like:

* **Improved UX:** Eliminate repetitive wallet pop-ups for common actions like staking, swapping, or listing items.
* **Automation:** Execute transactions on a user's behalf, even when they are offline, for features like automated strategies or subscription services.
* **Granular Security:** Define exactly what your dApp can and cannot do, minimizing risk and building user trust.

***

## How It Works: Key Concepts

### Paying for Gas with Native Tokens (ETH, MATIC, etc.)

To allow session-signed transactions to include native token value, set a budget using `nativeTokenSpending.valueLimit`.

If you want the wallet to present fee token options (including native token fees), enable fee option permissions (for example, by using `includeFeeOptionPermissions` when creating explicit sessions). This requests the additional permissions needed for fee payments.

### Paying for Gas with ERC-20 Tokens (USDC, etc.)

Fee token options are provided through the fee-options flow. When enabled, the SDK can request the necessary permissions for ERC-20 fee payments and handle the selected fee token automatically.

### Security Best Practice: The Principle of Least Privilege

<Warning>
  We strongly recommend adding specific `rules` to every function permission you define.
</Warning>

This enforces the principle of least privilege: granting a session only the exact permissions it needs to perform its job, and nothing more.

While you can grant unrestricted access to a contract by providing an empty `functions` array, do so with caution: it gives the session broad authority over that contract. It is always more secure to be explicit.

For example, locking an `approve` function to a specific `spender` address is always safer than leaving it open for any address. By defining clear rules, you build more secure Smart Sessions and provide greater peace of mind for your users.
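A pre-flight check for the least-privilege guidance above, as an added example that is not SDK or project code. The request shape (`contracts`, `address`, `name`, `param`, `op`, `value`) and the finding codes are assumptions made for illustration; only `functions` and `rules` are names taken from this page.

```javascript
// Added example, not SDK code. The request shape and the finding codes are
// constructed assumptions; only `functions` and `rules` come from the page.

// True when some rule fixes `param` to a single value.
const isPinned = (rules, param) =>
  rules.some((r) => r.param === param && r.op === 'eq' && r.value !== undefined);

function auditSessionPermissions(request) {
  const findings = [];
  for (const contract of request.contracts ?? []) {
    const fns = contract.functions ?? [];
    if (fns.length === 0) {
      // Empty `functions` array: unrestricted access to the contract.
      // A missing array is treated the same way, to stay conservative.
      findings.push({ severity: 'high', code: 'UNRESTRICTED_CONTRACT', target: contract.address });
      continue;
    }
    for (const fn of fns) {
      const rules = fn.rules ?? [];
      const target = `${contract.address}.${fn.name}`;
      if (fn.name === 'approve' && !isPinned(rules, 'spender')) {
        // `approve` left open to any spender address.
        findings.push({ severity: 'high', code: 'APPROVE_OPEN_SPENDER', target });
      } else if (rules.length === 0) {
        // Function permission defined without any `rules`.
        findings.push({ severity: 'medium', code: 'NO_RULES', target });
      }
    }
  }
  return findings;
}

// Constructed sample data: placeholder addresses, not real contracts.
const A = '0x' + '11'.repeat(20);
const B = '0x' + '22'.repeat(20);
const C = '0x' + '33'.repeat(20);
const SAMPLE_REQUEST = {
  contracts: [
    { address: A, functions: [] },
    { address: B, functions: [
      { name: 'approve', rules: [{ param: 'amount', op: 'lte', value: 1000n }] },
      { name: 'stake', rules: [] },
    ] },
    { address: C, functions: [
      { name: 'approve', rules: [{ param: 'spender', op: 'eq', value: '0x' + '44'.repeat(20) }] },
    ] },
  ],
};

console.log(auditSessionPermissions(SAMPLE_REQUEST));
```

Running a check like this in CI or before the permission request is sent catches over-broad sessions before a user is asked to approve them.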
