Skip to main content

Session Verification in API

Requiring an active session#

For your APIs that require a user to be logged in, use the verifySession middleware:

let Session = require("supertokens-node/recipe/session");
app.post("/like-comment", Session.verifySession(), (req, res) => {    let userId = req.session.getUserId();     //....});

req.session object#

This object exposes the following functions:

Optional session verification#

Sometimes, you want an API to be accessible even if there is no session. In that case, you can use the sessionRequired flag:

let Session = require("supertokens-node/recipe/session");
app.post("/like-comment",     Session.verifySession({sessionRequired: false}),     (req, res) => {    if (req.session !== undefined) {        let userId = req.session.getUserId();    } else {        // user is not logged in...    }});