Cookie Consent

As per GDPR, the user does not need to give consent for your application to use session cookies. This is because they fall under essential cookies and not tracking cookies:

"While it is not required to obtain consent for these cookies, what they do and why they are necessary should be explained to the user."

Information about our session cookies 🍪

sAccessToken: This is the session's access token which is used in each API call to verify that the user was authenticated and to get their user ID.
sRefreshToken: This is the session's refresh token which is used to get a new access (and refresh token) when the existing access token expires.
sIdRefreshToken: Used to detect if a session is alive on the frontend.
front-token: Used to access a session's JWT payload and user ID on the frontend without exposing the sAccessToken.
anti-csrf: Used to prevent CSRF attacks.

SuperTokens

Core

Database Setup

Sign Up Form

Sign In Form

Reset Password

Email Verification

Sessions

Styling

Changing base path

Multi Tenancy

Advanced session management

Supertokens Core config

Make your own frontend

Make your own backend

Cookie Consent

Information about our session cookies 🍪