`GetSession(response http.ResponseWriter, request *http.Request, doAntiCsrfCheck bool) (Session, error)`

response
- description: Response writer object from your API handler
request
- description: Request writer object from your API handler
doAntiCSRFCheck
- description: If enable_anti_csrf (in the SuperTokens config.yaml) is set to false, this value will be considered as false even if value true is passed

`GetSession(c *gin.Context, doAntiCsrfCheck bool) (Session, error)`

c
- description: Context object from your API handler
doAntiCSRFCheck
- description: If enable_anti_csrf (in the SuperTokens config.yaml) is set to false, this value will be considered as false even if value true is passed

Session on successful verification of a session. To know more about the Session object, click here
GeneralError
UnauthorizedError
- This is thrown if a session does not exist, or has been revoked (if blacklisting is switched on).
- When this is thrown, all the relevant auth cookies are cleared by this function call, so you can redirect the user to a login page.
TryRefreshTokenError
- This will be thrown if JWT verification fails. This happens, for example, if the token has expired or the JWT signing key has changed.
- This will be thrown if CSRF protection is on and anti-csrf token is missing or invalid.
- When this is thrown, none of the auth cookies are removed - you should return a session expired status code which will instruct your frontend to call the refresh token API endpoint.

This function will mostly never require an I/O operation since we are using JWT access tokens (assuming that blacklisting is disabled).
If doAntiCsrfCheck is true and enable_anti_csrf (in the SuperTokens config.yaml) is set to true, this function also provides CSRF protection. We strongly recommend that you set it to true for any non-GET API that requires user auth (except for the refresh session API).
May change the access token - but this is taken care of by this function and our frontend SDKs. You do need to worry about handling this.