Storing data in a session

info

A session is created automatically when the user signs in or signs up.

Types of storage#

A session can hold two types of data:

Access token payload:
- The access token is a signed cookie that can contain any JSON in it (similar to a JWT).
- This content is instantly accessible (without a db call) post session verification in an API, and is also accessible on the frontend.
- The contents can be changed anytime post session verification.
- An example of what can be stored in this is a user's role.
- By default, the payload contains:
```
{    userId: string,    expiryTime: number,    userData: {        // you can add custom info in here.    }    // ...other fields (which are all implementation details)}
```
Session data:
- This data is stored in the database, mapped against a session (each session has a constant ID called the sessionHandle).
- A sessionHandle can be obtained post session verification in an API, after which this data can be fetched / changed.
- Use this to store any sensitive data associated with a session, that should not be sent to the frontend.
- The default value is {}

How to store information in a session#

You can store info in the access token or in the session data by overriding the createNewSession function in the Session recipe:

NodeJS
GoLang
Python

let SuperTokens = require("supertokens-node");let Session = require("supertokens-node/recipe/session");
SuperTokens.init({    SuperTokens: {...},    appInfo: {...},    recipeList: [        ...        Session.init({            override: {                functions: (originalImplementation) => {                    return {                        ...originalImplementation,                        createNewSession: async function(input) {                            let userId = input.userId;
                            // This goes in the access token, and is availble to read on the frontend.                            input.accessTokenPayload = {                                ...input.accessTokenPayload,                                someKey: "someValue",                            };
                            // This is stored in the db against the sessionHandle for this session                            input.sessionData = {                                ...input.sessionData,                                someKey: "someValue",                            };
                            return originalImplementation.createNewSession(input);                        },                    };                },            },        })    ]});

func main() {    supertokens.Init(supertokens.TypeInput{        RecipeList: []supertokens.Recipe{            session.Init(&sessmodels.TypeInput{                Override: &sessmodels.OverrideStruct{                    Functions: func(originalImplementation sessmodels.RecipeInterface) sessmodels.RecipeInterface {                        // First we copy the original implementation func                        originalCreateNewSession := *originalImplementation.CreateNewSession
                        // Now we override the CreateNewSession function                        (*originalImplementation.CreateNewSession) = func(res http.ResponseWriter, userID string, accessTokenPayload, sessionData map[string]interface{}) (sessmodels.SessionContainer, error) {
                            // This goes in the access token, and is availble to read on the frontend.                            if accessTokenPayload == nil {                                accessTokenPayload = map[string]interface{}{}                            }                            accessTokenPayload["someKey"] = "someValue"
                            // This is stored in the db against the sessionHandle for this session                            if sessionData == nil {                                sessionData = map[string]interface{}{}                            }                            sessionData["someKey"] = "someValue"
                            return originalCreateNewSession(res, userID, accessTokenPayload, sessionData)                        }
                        return originalImplementation                    },                },            }),        },    })}

from supertokens_python import init, session
def override_functions(original_implementation):    original_implementation_create_new_session = original_implementation.create_new_session
    async def create_new_session(request: any, user_id: str, access_token_payload: Union[dict, None] = None,                                 session_data: Union[dict, None] = None):        if session_data is None:            session_data = {}
        if access_token_payload is None:            access_token_payload = {}
        # This is stored in the db against the sessionHandle for this session        session_data[someKey] = 'someValue'
        # This goes in the access token, and is availble to read on the frontend.        access_token_payload[someKey] = 'someValue'
        return await original_implementation_create_new_session(request, user_id, access_token_payload, session_data)
    original_implementation.create_new_session = create_new_session    return original_implementation
init({    'supertokens': {...},    'app_info': {...},    'recipe_list': [        ...        session.init({            'override': {                'functions': override_functions            },        })    ]})