> ## Documentation Index > Fetch the complete documentation index at: https://docs.polygon.technology/llms.txt > Use this file to discover all available pages before exploring further. # Smart Sessions: Technical Deep Dive > How implicit and explicit sessions work under the hood, their security guarantees, and how to combine them for payment flows. Smart Sessions solve the core UX problem in wallet-based apps: every transaction requiring a user approval prompt. For payment products, this creates unacceptable friction. Smart Sessions replace per-transaction approvals with a scoped, time-limited permission grant enforced onchain. See the [Smart Sessions](/wallets/smart-sessions) page for integration code and configuration examples. ## Two types of Smart Sessions Sequence offers two distinct session types, each designed for a different purpose: * **Implicit Sessions**: maximum convenience within a single, trusted app. * **Explicit Sessions**: granular, user-approved control over any onchain action. *** ## Implicit Sessions An Implicit Session is the simplest and most common type. Its purpose is to make the experience inside a single app as smooth as possible: zero approval prompts, gas sponsored by the app. ### How it works 1. The user connects their wallet to your app (e.g., `app.yourproduct.com`). 2. A session is automatically created, cryptographically locked to that specific domain, with no user approval required. 3. The user can perform any action inside that app without further prompts. ### Security guardrail If the app attempts to use this session to call a contract outside its domain, such as calling the USDC contract directly, the transaction is automatically rejected onchain. The session is only valid for the app's own smart contracts. All transactions must be sponsored by the app when using Implicit Sessions. Using any other currency as a fee option is treated as an external contract interaction and will be blocked. ### At a glance | Aspect | Details | | ---------- | ------------------------------------------------------------- | | Best for | Day-to-day use within a fully gas-sponsored app, zero prompts | | Constraint | Cannot interact with any external smart contract | | Gas | App must sponsor all gas | *** ## Explicit Sessions An Explicit Session is designed for when an app needs to perform specific tasks that interact with external protocols: stablecoin transfers, DeFi interactions, or any flow where the user should review and approve a defined scope. ### How it works 1. The app presents the wallet with a list of specific permissions it needs: which contract, which method, maximum amount, expiry. 2. The wallet displays these rules in a human-readable format for the user to review and approve. 3. The app can then execute those actions automatically without further prompts. ### Security guardrail Each rule is validated onchain. If the app attempts anything outside the approved scope, such as spending 101 USDC instead of 100, calling `approve` instead of `transfer`, or targeting a different address, the transaction fails at the contract level. ### At a glance | Aspect | Details | | ---------- | ------------------------------------------------------------------------ | | Best for | External contract interactions, stablecoin transfers, recurring payments | | Constraint | Requires one upfront user approval | | Gas | User or app can pay | *** ## Combining session types Most payment products use both session types together: 1. **Implicit session** for in-app UI interactions: status checks, balance reads, small in-app transfers within your own contracts. 2. **Explicit session** for external transfers or protocol interactions that require user-scoped approval. When an Implicit Session goes out of scope, Sequence SDKs automatically fall back to a single-transaction approval. For repeated out-of-scope actions, request an Explicit Session to restore uninterrupted execution. ## Onchain enforcement Smart Session rules are part of the wallet's [Merkleized configuration](/wallets/wallet-configuration). They are cryptographically verifiable without trusting any off-chain service. Transactions that exceed the defined scope are rejected at the contract level; your app cannot exceed what the user approved, even accidentally.