site/docs/red-team/troubleshooting/multi-turn-sessions.md
Session management is important for multi-turn strategies like Crescendo, GOAT, and Hydra. In these cases you want to make sure that the target system is able to maintain context between turns.
Use the default replay mode when the target expects the full conversation transcript in every request. Use stateful: true only when the target provider stores prior turns and expects just the newest message on each request.
For HTTP and WebSocket targets, there are two common ways sessions can be managed:
If you are using a Promptfoo provider like HTTP or WebSocket, Promptfoo has a built-in function to generate a unique UUID for each test case. The UUID can then be used to maintain context between turns.
Follow the instructions in the Client Side Session Management docs.
Promptfoo provides tools to extract the Session ID from the response and pass it to the next turn.
Follow the instructions in the Server Side Session Management docs.
If you are using the built-in JavaScript openai:agents:* provider, use the stateful red-team session pattern instead of the HTTP-specific patterns above.