When a user is logged in, are key shares or an assembled key stored in the session?

[RonanKMcGovern]

Let's say a user logs in using a 1/1 flow (say Google login via Auth Network).

Once the user is logged in, is the private key stored in the session?

If not, what allows signatures to be performed?

If so, what are the possible attack vectors and how best to protect users?

[YZhenY]

In the SSS solution yes, in the MPC solution no. Ensure that your context is protected, look out for XSS vulnerabilities and your dependency stack.