These session tokens are generated through traditional login mechanisms such as: email + OTP, Google login, etc. Once a session token has been generated, it is up to the client to extend the session before the token expires.

It is recommended that your client automatically extend the user session on an ongoing basis (e.g., via setTimeout).

While the web interface supports multiple login mechanisms (including logging in using your Google account), only creating the session via the email + OTP is officially documented here.

Regardless of how the session is created, it can be extended in the same way.