Yes, session information is encrypted via the xpack.security.encryptionKey that you define in your kibana.yml. We don't intend for this to be decrypted on your own though, and we make no guarantees as to the contents of the session data.
You can access browser cookies in react the way you would in any JavaScript based application: document.cookie. Keep in mind that this won't give you access to Kibana's session cookie, as its HttpOnly flag is set. You'll only be able to access cookies that aren't protected via HttpOnly.
You can set your own cookies to track user sessions if that's something you'd like to do.
If you want to get access to the current user, you can make a GET request to http://localhost:5601/api/security/v1/me (replacing localhost with your kibana instance). A word of caution though: this is not considered a public API, and is subject to change without warning between releases in ways that may not be backwards compatible.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.