Nonces are generated numbers used to verify origin and intent of requests for security purposes.

A new one is created if one logs out and then back in.

We can verify a supplied nonce value against the value WP created. It returns true or false.

As the WP nonce was created on the page in WP, we can be sure the data received came from that page.

WP uses the tick cycle of 12 hrs starting from midnight.

A nonce is valid for 2 ticks, so a tick will not be valid in the third tick, so a maximum of 24hrs not a full 24hrs.

Great article on nonces:

Session Token:
$PageNonce = wp_create_nonce('NoncePageTest')
PageNonce = 504f821cc2
Invalid Nonce $InvalidNonce set by us:
InvalidNonce = 3dd3445tt3r33
Verify our CREATED NONCE: wp_verify_nonce($PageNonce,'NoncePageTest')
Verify our INVALID NONCE: wp_verify_nonce($InvalidNonce,'NoncePageTest')