Revoking a session manually
A session can be revoked in four ways.
Revoking the current user through the req object.
We provide a default sign out API that does something very similar to the code below. So please have a look at that page first.
let supertokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");
app.use("/logout", Session.verifySession(), async (req, res) => {
await req.session.revokeSession();
res.send("Success! User session revoked");
});
- When calling this API from the frontend, please be sure to treat a
401response as successful (just like you would treat a200response). The reason is that401means the session has expired, which is equivalent to a successful logout.
Revoking a session using a sessionHandle.
let supertokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");
app.use("/revoke-user-session", async (req, res) => {
let sessionHandle = req.body.sessionHandle
await Session.revokeSession(sessionHandle);
res.send("Success! User session revoked");
});
Revoking multiple sessions using session handles.
let supertokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");
app.use("/revoke-multiple-sessions", async (req, res) => {
let sessionHandles = req.body.sessionHandles
await Session.revokeMultipleSessions(sessionHandles);
res.send("Success! All user sessions have been revoked");
});
Revoking all sessions for a user.
let supertokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");
app.use("/revoke-all-user-sessions", async (req, res) => {
let userId = req.body.userId
await Session.revokeAllSessionsForUser(userId);
res.send("Success! All user sessions have been revoked");
});
All functions related to sessions can be found in the SDK docs