User Logout

Logging out a user from a particular device can be done via revoking that user session using a sessionHandle.
If you want to revoke all sessions belonging to a user, you will only need their userId.

If you have a `sessionHandle`

Call the `revokeSessionUsingSessionHandle` function: API Reference

supertokens.revokeSessionUsingSessionHandle(sessionHandle);

Use this to logout a user from their current session
Does not clear any cookies

If you have a `userId`

Call the `revokeAllSessionsForUser` function: API Reference

supertokens.revokeAllSessionsForUser(userId);

Use this to logout a user from all their devices.
Does not clear any cookies

Example

Javascript

Typescript

const supertokens = require("supertokens-node/session");

async function logoutAPI() {
     // first we verify the session.
    let session;
    try {
        let accessToken = //...
        let antiCsrfToken = //...
        let response = await supertokens.getSession(accessToken, antiCsrfToken);
        // .. check if received a new access token and handle that.
        session = response.session;
    } catch (err) {
        //...
    }
    try {
        let success = await supertokens.revokeSessionUsingSessionHandle(session.sessionHandle);
        if (success) {
            clearAuthCookies();
        } else {
            // either sessionHandle is invalid, or session was already removed.
        }
    } catch (err) {
        // something went wrong.
    }
}

// -------------------------------------------------

async function logoutAllSessionsForUser(userId) {
    try {
        await supertokens.revokeAllSessionsForUser(userId);
    } catch (err) {
        console.log("Something went wrong");
    }
}

function clearAuthCookies() {
    // clear sAccessToken, sRefreshToken, sIdRefreshToken
}

import * as supertokens from "supertokens-node/session";

async function logoutAPI() {
     // first we verify the session.
    let session;
    try {
        let accessToken = //...
        let antiCsrfToken = //...
        let response = await supertokens.getSession(accessToken, antiCsrfToken);
        // .. check if received a new access token and handle that.
        session = response.session;
    } catch (err) {
        //...
    }
    try {
        let success = await supertokens.revokeSessionUsingSessionHandle(session.sessionHandle);
        if (success) {
            clearAuthCookies();
        } else {
            // either sessionHandle is invalid, or session was already removed.
        }
    } catch (err) {
        // something went wrong.
    }
}

// -------------------------------------------------

async function logoutAllSessionsForUser(userId: string) {
    try {
        await supertokens.revokeAllSessionsForUser(userId);
    } catch (err) {
        console.log("Something went wrong");
    }
}

function clearAuthCookies() {
    // clear sAccessToken, sRefreshToken, sIdRefreshToken
}

SuperTokens NodeJS

1.0.X

Session Object

User Logout

If you have a `sessionHandle`

Call the `revokeSessionUsingSessionHandle` function: API Reference

If you have a `userId`

Call the `revokeAllSessionsForUser` function: API Reference

Example

User Logout

If you have a sessionHandle

Call the revokeSessionUsingSessionHandle function: API Reference

If you have a userId

Call the revokeAllSessionsForUser function: API Reference

Example

If you have a `sessionHandle`

Call the `revokeSessionUsingSessionHandle` function: API Reference

If you have a `userId`

Call the `revokeAllSessionsForUser` function: API Reference