1.1.X

This SDK documentation is outdated. Please do not refer to it, and instead visit the User Guides section.

Session Handle

Each session has a unique identifier which stays constant until the end of the session. This is not the access, nor the refresh token, it is merely a "handle" to the session, hence the name.

Please see the API reference to learn more about the functions used below.

Obtaining a session's handle

// get session handle of the current request
$session = $request->supertokens;
$handle = $session->getHandle();

// get all sessions belonging to a user
$sessionHandles = SuperTokens::getAllSessionHandlesForUser($userId);
foreach ($sessionHandles as $handle){ 
  // do something..
}

Get and update JWT Payload

$jwtPayload = SuperTokens::getJWTPayload($sessionHandle);

SuperTokens::updateJWTPayload($sessionHandle, $newJWTPayload);

Get and update session data

$sessionData = SuperTokens::getSessionData($sessionHandle);

SuperTokens::updateSessionData($sessionHandle, $newSessionData);

Revoking a session

// revoke a single session
$revoked = SuperTokens::revokeSession($sessionHandle);
if ($revoked) {
    // successfully revoked
} else {
    // session did not exist
}

// revoke multiple sessions
$sessionsRevoked = SuperTokens::revokeMultipleSessions(array($sessionHandle1, $sessionHandle2));
foreach ($sessionsRevoked as $handle){ 
  // do something with each revoked sessions
} 

// revoke all sessions for a user
$sessionsRevoked = SuperTokens::revokeAllSessionsForUser($userId);
foreach ($sessionsRevoked as $handle){ 
  // do something with each revoked sessions
}
Handling CORScreateNewSession