diff --git a/src/Authkit2.php b/src/Authkit2.php
index afef81d..6a3f567 100644
--- a/src/Authkit2.php
+++ b/src/Authkit2.php
@@ -46,7 +46,7 @@ class Authkit2
 		$this->callbacks[$name] = $value;
 	}
 
-	public function __callStatic(string $name, array $arguments)
+	public static function __callStatic(string $name, array $arguments)
 	{
 		$authkit2 = static::get();
 		if (!isset($authkit2->callbacks[$name]))
@@ -66,6 +66,7 @@ class Authkit2
 			$value = $generator();
 			static::cache_set($key, $value);
 		}
+		return $value;
 	}
 
 	protected function initializeNative()
@@ -87,13 +88,13 @@ class Authkit2
 	protected function native_session_get($key)
 	{
 		$this->native_session_check();
-		return $_SESSION[static::LIB_PREFIX.$key];
+		return $_SESSION[static::LIB_PREFIX.$key] ?? null;
 	}
 
 	protected function native_session_set($key, $value)
 	{
 		$this->native_session_check();
-		$_SESSION[static::LIB_PREFIX.$key];
+		$_SESSION[static::LIB_PREFIX.$key] = $value;
 	}
 
 	protected function native_session_check()
diff --git a/src/Oidc/Client.php b/src/Oidc/Client.php
index c8953ec..7881173 100644
--- a/src/Oidc/Client.php
+++ b/src/Oidc/Client.php
@@ -1,6 +1,7 @@
 <?php
 
 namespace authkit2\Oidc;
+use authkit2\Authkit2;
 
 /**
  * OpenId Connect HTTP Client Library
@@ -108,8 +109,10 @@ class Client
 	{
 		if (!isset(static::$oidc_config))
 		{
-			$response = (new \GuzzleHttp\Client())->get(static::$oidc_url.'/.well-known/openid-configuration');
-			static::$oidc_config = json_decode($response->getBody(), true);
+			static::$oidc_config = Authkit2::cache('oidc.config', function() {
+				$response = (new \GuzzleHttp\Client())->get(static::$oidc_url.'/.well-known/openid-configuration');
+				return json_decode($response->getBody(), true);
+			});
 
 		}
 		return static::$oidc_config;
diff --git a/src/Oidc/Flows/UserFlow.php b/src/Oidc/Flows/UserFlow.php
index 34017d2..e528e46 100644
--- a/src/Oidc/Flows/UserFlow.php
+++ b/src/Oidc/Flows/UserFlow.php
@@ -1,6 +1,7 @@
 <?php
 
 namespace authkit2\Oidc\Flows;
+use authkit2\Authkit2;
 use authkit2\Oidc\Client;
 use authkit2\Oidc\Authentication\ClientAuthentication;
 use authkit2\Oidc\Token;
@@ -52,9 +53,10 @@ class UserFlow
 		// We use 30 because that should generate an even number of base64 characters
 		// and not require padding. (6 bits / char)
 		$state = base64_encode(random_bytes(30));
-		$this->prepareSession();
 		// Keep a list of all valid states we've generated
-		array_push($_SESSION['authkit2.state'], $state);
+		$states = Authkit2::session_get('userflow.state') ?? [];
+		array_push($states, $state);
+		Authkit2::session_set('userflow.state', $states);
 
 		return $this->client->getEndpointUrl('authorization').'?'.http_build_query([
 			'client_id' => $this->client_id,
@@ -73,12 +75,13 @@ class UserFlow
 	 */
 	public function validateState(string $state): void
 	{
-		$this->prepareSession();
-		for ($i=0; $i<sizeof($_SESSION['authkit2.state']); $i++)
+		$states = Authkit2::session_get('userflow.state') ?? [];
+		for ($i=0; $i<sizeof($states); $i++)
 		{
-			if ($_SESSION['authkit2.state'][$i] == $state)
+			if ($states[$i] == $state)
 			{
-				$_SESSION['authkit2.state'] = array_splice($_SESSION['authkit2.state'], $i, 1);
+				$states = array_splice($states, $i, 1);
+				Authkit2::session_set('userflow.state', $states);
 				return;
 			}
 		}
@@ -104,21 +107,5 @@ class UserFlow
 		return Token::fromResponse($response);
 	}
 
-	/**
-	 * Ensure that a PHP session exists for storing the state information in
-	 *
-	 * @return void
-	 */
-	protected function prepareSession(): void
-	{
-		// If a session doesn't exist, start one
-		// TODO: PHP_SESSION_DISABLED shouldn't happen in any sane universe, but
-		// throw an exception if that's the case
-		if (session_status() == \PHP_SESSION_NONE)
-			session_start();
-		if (!isset($_SESSION['authkit2.state']))
-			$_SESSION['authkit2.state'] = [];
-	}
 }
 
-
diff --git a/src/Oidc/Token.php b/src/Oidc/Token.php
index 6f94c75..87f0c79 100644
--- a/src/Oidc/Token.php
+++ b/src/Oidc/Token.php
@@ -1,7 +1,8 @@
 <?php
 
 namespace authkit2\Oidc;
-use \authkit2\Oidc\Client;
+use authkit2\Authkit2;
+use authkit2\Oidc\Client;
 use Firebase\JWT\JWT;
 use Firebase\JWT\JWK;
 
@@ -115,9 +116,12 @@ class Token
 	 */
 	protected function decode(): object
 	{
-		$jwks_response = $this->getClient()->get(Client::getOidcConfig()['jwks_uri']);
-		$jwks_response = json_decode(json_encode($jwks_response), true);
-		return JWT::decode($this->access_token, JWK::parseKeySet($jwks_response), Client::getOidcConfig()['id_token_signing_alg_values_supported']);
+		$client = $this->getClient();
+		$jwks = Authkit2::cache('oidc.jwks', function() use ($client) {
+			$response = $client->get(Client::getOidcConfig()['jwks_uri']);
+			return json_decode(json_encode($response), true);
+		});
+		return JWT::decode($this->access_token, JWK::parseKeySet($jwks), Client::getOidcConfig()['id_token_signing_alg_values_supported']);
 	}
 
 	/**