How does the Identity and Cookies work for authentication?

I’m running into an issue after attempting to log out my user on the mobile app and trying to understand how the authentication process works to troubleshoot. There’s already a post assigned to fix the mobile logout issue, but it’s led me to question how everything works.

It seems there are three components (Session, Cookie, and Identity).

  1. Session
    • I’m storing them in Redis
    • Why are there so many for the same user?
  2. Cookie
    • Stored on the local machine
    • Not sure if there should be a difference between Electron and Browser or if they somehow use the same cookie
  3. Identity
    • How does this work, where is it stored, and can I manually remove it?

Also, how are all of these tied together?

For example, I have a mobile app (Electron) that registers and logs into my API server. Then the user clicks a button in the Electron app that connects their Google account to pull data via OAuth. This requires launching an external browser that connects to the API server, which connects to Google OAuth. Google Oauth redirects back to the API server, which then redirects to the Electron app.

My question is, do I need to have the user login separately in the external browser before being able to run the API for Google Oauth, or does it somehow know the identity based on the log in via the Electron app? I never set up a login page for the API Server, and the process was previously working before I started testing the logout process. Hence, my guess is Wappler somehow passed the identity from Electron to API Server, but now that it’s broken, I’m questioning how it worked previously.