Session Verification in API

For your APIs that require a user to be logged in, use the verifySession middleware:

let Session = require("supertokens-node/recipe/session");

app.post("/like-comment", Session.verifySession(), (req, res) => {
    let userId = req.session.getUserId();
    //....
});

req.session object

This object exposes the following functions:

Optionally verify a session

Sometimes, you want an API to be accessible even if there is no session. In that case, you can use the sessionRequired flag:

let Session = require("supertokens-node/recipe/session");

app.post("/like-comment", 
    Session.verifySession({sessionRequired: false}),
    (req, res) => {
    if (req.session !== undefined) {
        let userId = req.session.getUserId();
    } else {
        // user is not logged in...
    }
});
Storing session dataRevoking a session manually