Session Verification in API
Requiring an active session#
For your APIs that require a user to be logged in, use the verifySession middleware:
- NodeJS
let Session = require("supertokens-node/recipe/session");
app.post("/like-comment", Session.verifySession(), (req, res) => { let userId = req.session.getUserId(); //....});req.session object#
This object exposes the following functions:
Optional session verification#
Sometimes, you want an API to be accessible even if there is no session. In that case, you can use the sessionRequired flag:
- NodeJS
let Session = require("supertokens-node/recipe/session");
app.post("/like-comment", Session.verifySession({sessionRequired: false}), (req, res) => { if (req.session !== undefined) { let userId = req.session.getUserId(); } else { // user is not logged in... }});