Access session data
Overview
The session data is accessible, both in the backend and on the frontend, after a user has successfully logged in. This guide shows you how to access different session properties.
Before you start
This guide only applies to scenarios which involve SuperTokens Session Access Tokens.
Access the JWT Token
On the backend
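import express from "express";
import { verifySession } from "supertokens-node/recipe/session/framework/express";
import { SessionRequest } from "supertokens-node/framework/express";

let app = express();

// verifySession() rejects requests without a valid session before the handler runs
app.get("/getJWT", verifySession(), async (req: SessionRequest, res) => {
    let session = req.session!;
    let jwt = session.getAccessToken();
    res.json({ token: jwt });
});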
On the frontend
1. Enable exposeAccessTokenToFrontendInCookieBasedAuth
When using cookie-based auth, the access token is by default not readable by the SDK on the frontend, since it's stored in an httpOnly cookie.
To make it readable, set the exposeAccessTokenToFrontendInCookieBasedAuth parameter to true.
If you are only using header-based sessions, you can skip this step.
import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";

SuperTokens.init({
    supertokens: {
        connectionURI: "..."
    },
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "..."
    },
    recipeList: [
        Session.init({
            exposeAccessTokenToFrontendInCookieBasedAuth: true,
        })
    ]
});
2. Read the access token
import Session from 'supertokens-auth-react/recipe/session';

async function getJWT() {
    if (await Session.doesSessionExist()) {
        let userId = await Session.getUserId();
        let jwt = await Session.getAccessToken();
        return jwt;
    }
    return undefined; // no active session
}
Access the Tenant ID
This feature is only relevant if you are using the multi tenancy feature.
The session's access token payload contains the tenant ID in the tId claim. You can access it in the following way:
On the backend
import express from "express";
import { verifySession } from "supertokens-node/recipe/session/framework/express";
import { SessionRequest } from "supertokens-node/framework/express";

let app = express();

app.post("/like-comment", verifySession(), (req: SessionRequest, res) => {
    let tenantId = req.session!.getTenantId();
    //....
});
If you are not using the backend SDK and are doing JWT verification yourself, you can fetch the tenant ID from the JWT by reading the tId claim.
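The manual path described above, as an added example that is not SuperTokens SDK code: it checks the token's signature and expiry with Node's built-in crypto before reading tId. It assumes an RS256-signed token and a public key you have already obtained; the key pair, the claims and the helper names signSample and withPayload are constructed for the demo.

```typescript
// Added example, not SuperTokens SDK code: verify an RS256 JWT's signature and
// expiry with Node's built-in crypto, and only then trust its tId claim.
import { createSign, createVerify, generateKeyPairSync, KeyObject } from "crypto";

// Returns the tenant ID from a verified token; throws on any failure.
function getVerifiedTenantId(jwt: string, publicKey: KeyObject, nowSec: number): string {
    const parts = jwt.split(".");
    if (parts.length !== 3) throw new Error("malformed JWT");
    const [header, payload, signature] = parts;

    // Pin the algorithm instead of letting the token's header choose it.
    const { alg } = JSON.parse(Buffer.from(header, "base64url").toString("utf8"));
    if (alg !== "RS256") throw new Error("unexpected alg");

    const ok = createVerify("RSA-SHA256")
        .update(`${header}.${payload}`)
        .verify(publicKey, Buffer.from(signature, "base64url"));
    if (!ok) throw new Error("bad signature");

    // Claims are parsed only after the signature check has passed.
    const claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
    if (typeof claims.exp !== "number" || claims.exp <= nowSec) throw new Error("token expired");
    if (typeof claims.tId !== "string" || claims.tId === "") throw new Error("missing tId claim");
    return claims.tId;
}

// Constructed sample input: a throwaway key pair standing in for the real signing key.
const sampleKeys = generateKeyPairSync("rsa", { modulusLength: 2048 });
const encodeJson = (obj: object): string =>
    Buffer.from(JSON.stringify(obj)).toString("base64url");

// Hypothetical helper: signs a constructed token for the demo.
function signSample(claims: object): string {
    const signingInput = `${encodeJson({ alg: "RS256", typ: "JWT" })}.${encodeJson(claims)}`;
    const sig = createSign("RSA-SHA256").update(signingInput).sign(sampleKeys.privateKey);
    return `${signingInput}.${sig.toString("base64url")}`;
}

// Hypothetical helper: swaps the payload but keeps the old signature (tampering).
function withPayload(jwt: string, claims: object): string {
    const [header, , signature] = jwt.split(".");
    return `${header}.${encodeJson(claims)}.${signature}`;
}
```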
On the frontend
You can read the tenant ID on the frontend by reading the tId claim from the access token payload.
Fetch all user sessions
Given a user ID, you can fetch all sessions that are active for that user in the following way:
import Session from "supertokens-node/recipe/session";

async function getSessions() {
    let userId = "someUserId"; // fetch somehow

    // sessionHandles is string[]
    let sessionHandles = await Session.getAllSessionHandlesForUser(userId);

    sessionHandles.forEach((handle) => {
        /* we can do the following with the handle:
         * - revoke this session
         * - change access token payload or session data
         * - fetch access token payload or session data
         */
    });
}
By default, the method returns all the session handles for the user across all the tenants.
If you want to fetch the sessions for a user in a specific tenant, you can pass the tenant ID as a parameter to the function call.