Skip to main content

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

Re-use getTokenTransferMethod to validate token transfer methods in verifySession and refreshSession


This is just a proposal so far, it hasn't been accepted and needs further discussion.

rishabhpoddar, porcellus
Proposed by:

Context and Problem Statement#

We want devs to be able to be able to specifically allow/disallow a token transfer method in verifySession and refreshSession. E.g.: A web only application wants to only ever want to use cookie based sessions (and httpOnly cookies), so they want to disable header based sessions.

Considered Options#

  • Re-use getTokenTransferMethod
  • Add a new allowTokenTransferMethod

Decision Outcome#

Re-use getTokenTransferMethod. Reasons:

  • Single function override if someone wants to only allow/use a single token transfer method

Pros and Cons of the Options#

Re-use getTokenTransferMethod#

  • Single configuration if you want to only allow a single token transfer method
  • Add a new allowTokenTransferMethod#

  • Very verbose and specific, making it easy to explain
  • If you only want to allow a single token transfer method you'd have to override `getTokenTransferMethod` anyway