SuperTokens

SuperTokens

  • Docs
  • Discord
  • Blog

›Sessions

SIDEBAR_REPLACE_DOC_About this recipe

  • About this recipe

Quick setup

  • Frontend
  • Backend
  • Core

    • Self Hosted setup with Docker
    • Self Hosted setup without Docker
    • Managed Service

    Database Setup

    • MySQL
    • PostgreSQL
    • MongoDB
    • Rename database tables

Common customizations

  • Redirect To Auth Screen
  • Sign Out
  • SignUp Form

    • Prerequisite
    • Adding Extra Fields
    • Adding / Modifying field validators
    • Built in providers
    • Custom providers
    • Embed in a page
    • Terms of service & Privacy policy links
    • Show Sign Up by default

    SignIn Form

    • Prerequisite
    • Adding / Modifying field validators
    • Built in providers
    • Custom providers
    • Password managers
    • Embed in a page
  • Post sign up callbacks
  • Post sign in callbacks
  • User Roles

    • Assigning roles to users
    • Assigning roles to a session
    • Reading roles in an API
    • Reading roles in the frontend
    • Updating roles in a session

    Reset Password

    • About
    • Reset Password Email
    • Embed in a page

    Email Verification

    • About
    • Customising the email sent
    • Embed in a page

    Sessions

    • About
    • Storing session data
    • Session Verification in API
    • Revoking a session manually
    • Change session timeout
    • Checking if a session exists on the frontend
    • Get user information on the frontend
    • Fetching sessions for a user
    • Update JWT Payload
    • Update Session Data
    • Cookies and Https
    • Cookie Consent
    • Share sessions across sub domains
    • Anti CSRF
    • Same site cookies
    • JWT Signing key rotation
    • Access token blacklisting
    • Customizing Error Handling

    Styling

    • Changing Colours
    • Changing Style via CSS
    • Themes

    Changing base path

    • Website Base Path
    • API Base Path
  • User Pagination
  • Core

    • Adding API Keys
    • Tuning Performance
    • Logging

    Core CLI

    • Overview
    • Start
    • List
    • Stop
    • Uninstall

NextJS

  • About
  • 1. Configuration
  • 2. Showing Login UI
  • 3. Adding auth APIs
  • 4. Protecting a website route
  • 5. Session verification

    • 5a. Session verification in an API call
    • 5b. Session verification in getServerSideProps
  • 6. Next steps

SIDEBAR_REPLACE_DOC_Serverless Optimisation

  • Running on serverless env

SIDEBAR_REPLACE_DOC_SDKs API Reference

  • SDKs API Reference

Revoking a session manually

A session can be revoked in four ways.

Revoking the current user through the req object.

We provide a default sign out API that does something very similar to the code below. So please have a look at that page first.

NodeJS
let supertokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");

app.use("/logout", Session.verifySession(), async (req, res) => {

await req.session.revokeSession();

res.send("Success! User session revoked");
});
  • When calling this API from the frontend, please be sure to treat a 401 response as successful (just like you would treat a 200 response). The reason is that 401 means the session has expired, which is equivalent to a successful logout.

Revoking a session using a sessionHandle.

NodeJS
let supertokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");

app.use("/revoke-user-session", async (req, res) => {

let sessionHandle = req.body.sessionHandle
await Session.revokeSession(sessionHandle);

res.send("Success! User session revoked");
});

Revoking multiple sessions using session handles.

NodeJS
let supertokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");

app.use("/revoke-multiple-sessions", async (req, res) => {

let sessionHandles = req.body.sessionHandles
await Session.revokeMultipleSessions(sessionHandles);

res.send("Success! All user sessions have been revoked");
});

Revoking all sessions for a user.

NodeJS
let supertokens = require("supertokens-node");
let Session = require("supertokens-node/recipe/session");

app.use("/revoke-all-user-sessions", async (req, res) => {

let userId = req.body.userId
await Session.revokeAllSessionsForUser(userId);

res.send("Success! All user sessions have been revoked");
});

All functions related to sessions can be found in the SDK docs

← Session Verification in APIChange session timeout →