diff --git a/session/container.go b/session/container.go
index d11ed86..b1000af 100644
--- a/session/container.go
+++ b/session/container.go
@@ -376,3 +376,25 @@ func (x Container) AssertAuthKey(key neofscrypto.PublicKey) bool {
 
 	return bytes.Equal(bKey, x.body.GetSessionKey())
 }
+
+// IssuedBy returns true if session token is signed
+// and, therefore, owned by specified user.
+//
+// See also Sign.
+func (x Container) IssuedBy(id user.ID) bool {
+	var (
+		tokenOwner   user.ID
+		v2TokenOwner = x.body.GetOwnerID()
+	)
+
+	if v2TokenOwner == nil {
+		return false
+	}
+
+	err := tokenOwner.ReadFromV2(*v2TokenOwner)
+	if err != nil {
+		return false
+	}
+
+	return tokenOwner.Equals(id)
+}
diff --git a/session/container_test.go b/session/container_test.go
index 1b29038..6a40212 100644
--- a/session/container_test.go
+++ b/session/container_test.go
@@ -11,6 +11,7 @@ import (
 	cidtest "github.com/nspcc-dev/neofs-sdk-go/container/id/test"
 	"github.com/nspcc-dev/neofs-sdk-go/session"
 	sessiontest "github.com/nspcc-dev/neofs-sdk-go/session/test"
+	"github.com/nspcc-dev/neofs-sdk-go/user"
 	"github.com/stretchr/testify/require"
 )
 
@@ -285,3 +286,18 @@ func TestContainerSignature(t *testing.T) {
 		require.True(t, x.VerifySignature())
 	}
 }
+
+func TestContainer_IssuedBy(t *testing.T) {
+	var (
+		token  session.Container
+		issuer user.ID
+		signer = randSigner()
+	)
+
+	user.IDFromKey(&issuer, signer.PublicKey)
+
+	require.False(t, token.IssuedBy(issuer))
+
+	require.NoError(t, token.Sign(signer))
+	require.True(t, token.IssuedBy(issuer))
+}