This method retrieves the current local session (i.e in memory).
The session contains a signed JWT and unencoded session data.
Since the unencoded session data is retrieved from the local storage medium, do not rely on it as a source of trusted data on the server. It could be tampered with by the sender. If you need verified, trustworthy user data, call get_user instead.
If the session has an expired access token, this method will use the refresh token to get a new session.