1.0.X

This SDK documentation is outdated. Please do not refer to it, and instead visit the User Guides section.

Session Handle

Each session has a unique identifier which stays constant until the end of the session. This is not the access, nor the refresh token, it is merely a "handle" to the session, hence the name.

Please see the API reference to learn more about the functions used below.

Obtaining a session's handle

// get session handle of the current request
String handle = session.getSessionHandle()

// get all sessions belonging to a user
String[] sessionHandles = SuperTokens.getAllSessionHandlesForUser(userId);

Get and update JWT Payload

Map<String, Object> jwtPayload = SuperTokens.getJWTPayload(sessionHandle);

SuperTokens.updateJWTPayload(sessionHandle, newJWTPayload);

Get and update session data

Map<String, Object> sessionData = SuperTokens.getSessionData(sessionHandle);
SuperTokens.updateSessionData(sessionHandle, newSessionData);

Revoking a session

// revoke a single session
boolean revoked = SuperTokens.revokeSession(sessionHandle);
if (revoked) {
    // successfully revoked
} else {
    // session did not exist
}

// revoke multiple sessions
String[] sessionsRevoked = SuperTokens.revokeMultipleSessions(new String[]{sessionHandle1, sessionHandle2});

// revoke all sessions for a user
String[] sessionsRevoked = SuperTokens.revokeAllSessionsForUser(userId);
Handling CORSconfig