SuperTokens

SuperTokens

  • Docs
  • Discord
  • Blog

›Sessions

SIDEBAR_REPLACE_DOC_About this recipe

  • About this recipe

Quick setup

  • Frontend
  • Backend
  • Core

    • Self Hosted setup with Docker
    • Self Hosted setup without Docker
    • Managed Service

    Database Setup

    • MySQL
    • PostgreSQL
    • MongoDB
    • Rename database tables

Common customizations

  • Redirect To Auth Screen
  • Sign Out
  • SignUp Form

    • Prerequisite
    • Adding Extra Fields
    • Adding / Modifying field validators
    • Built in providers
    • Custom providers
    • Embed in a page
    • Terms of service & Privacy policy links
    • Show Sign Up by default

    SignIn Form

    • Prerequisite
    • Adding / Modifying field validators
    • Built in providers
    • Custom providers
    • Password managers
    • Embed in a page
  • Post sign up callbacks
  • Post sign in callbacks
  • User Roles

    • Assigning roles to users
    • Assigning roles to a session
    • Reading roles in an API
    • Reading roles in the frontend
    • Updating roles in a session

    Reset Password

    • About
    • Reset Password Email
    • Embed in a page

    Email Verification

    • About
    • Customising the email sent
    • Embed in a page

    Sessions

    • About
    • Storing session data
    • Session Verification in API
    • Revoking a session manually
    • Change session timeout
    • Checking if a session exists on the frontend
    • Get user information on the frontend
    • Fetching sessions for a user
    • Update JWT Payload
    • Update Session Data
    • Cookies and Https
    • Cookie Consent
    • Share sessions across sub domains
    • Anti CSRF
    • Same site cookies
    • JWT Signing key rotation
    • Access token blacklisting
    • Customizing Error Handling

    Styling

    • Changing Colours
    • Changing Style via CSS
    • Themes

    Changing base path

    • Website Base Path
    • API Base Path
  • User Pagination
  • Core

    • Adding API Keys
    • Tuning Performance
    • Logging

    Core CLI

    • Overview
    • Start
    • List
    • Stop
    • Uninstall

NextJS

  • About
  • 1. Configuration
  • 2. Showing Login UI
  • 3. Adding auth APIs
  • 4. Protecting a website route
  • 5. Session verification

    • 5a. Session verification in an API call
    • 5b. Session verification in getServerSideProps
  • 6. Next steps

SIDEBAR_REPLACE_DOC_Serverless Optimisation

  • Running on serverless env

SIDEBAR_REPLACE_DOC_SDKs API Reference

  • SDKs API Reference

Storing session data

A session is created automatically when the user signs in or signs up.

A session can hold two types of data:

  • JWT payload:
    • The access token is a JWT (JSON web token). The contents of the JWT is called the JWT payload.
    • This content is instantly (without a db call) accessible post session verification in an API, and is also accessible on the frontend.
    • The contents can be changed anytime post session verification.
    • An example of what can be stored in this is a user's role.
    • The default value is {}
  • Session data:
    • This data is stored in the database, mapped against a session (each session has a constant ID called the sessionHandle).
    • A sessionHandle can be obtained post session verification in an API, after which this data can be fetched / changed.
    • Use this to store any sensitive data associated with a session, that should not be sent to the frontend.
    • The default value is {}

The default values can be changed by configuring setJwtPayload and setSessionData in the sessionFeature attribute when initializing the recipe:

NodeJS
let SuperTokens = require("supertokens-node");
let ThirdPartyEmailPassword = require("supertokens-node/recipe/thirdpartyemailpassword");

SuperTokens.init({
SuperTokens: {...},
appInfo: {...},
recipeList: [
ThirdPartyEmailPassword.init({
sessionFeature: {
setJwtPayload: async (user, context, action) => {
// The value of "action" is "signin" | "signup"
// The value of context depends on which method (emailpassword/thirdparty) is used to perform the above "action".
return { someKey: "someValue" }
},
setSessionData: async (user, context, action) => {
// The value of "action" is "signin" | "signup"
// The value of context depends on which login type(emailpassword/thirdparty) is used to perform the above "action".
return { someKey: "someValue" }
}
}

}),
]
});
← AboutSession Verification in API →