User Logout
- Logging out a user from a particular device is done by revoking that user's session using its sessionHandle.
- If you want to revoke all sessions belonging to a user, you only need their userId.
If you have a sessionHandle
Call the revokeSessionUsingSessionHandle function: API Reference
supertokens.revokeSessionUsingSessionHandle(sessionHandle);
- Use this to log out a user from their current session.
- Does not clear any cookies; your logout handler has to clear the auth cookies itself (see clearAuthCookies in the example below).
If you have a userId
Call the revokeAllSessionsForUser function: API Reference
supertokens.revokeAllSessionsForUser(userId);
- Use this to log out a user from all their devices.
- Does not clear any cookies; clearing them remains the application's job.
Example
const supertokens = require("supertokens-node/session");
/**
 * Example logout handler: verifies the caller's session, revokes it by its
 * sessionHandle, and clears the auth cookies once revocation reports success.
 *
 * How accessToken and antiCsrfToken are obtained is elided in this example.
 */
async function logoutAPI() {
    // first we verify the session.
    let session;
    try {
        let accessToken = //...
        let antiCsrfToken = //...
        let response = await supertokens.getSession(accessToken, antiCsrfToken);
        // .. check if received a new access token and handle that.
        session = response.session;
    } catch (err) {
        //...
        // NOTE(review): if getSession throws, `session` is still undefined when
        // this block ends. The code below would then throw a TypeError on
        // `session.sessionHandle`, which the second catch swallows. A real
        // handler should send its error response and stop here.
    }
    try {
        // Revocation is keyed on the handle of the session that was just verified.
        let success = await supertokens.revokeSessionUsingSessionHandle(session.sessionHandle);
        if (success) {
            // The revoke call does not touch cookies, so they are cleared explicitly.
            clearAuthCookies();
        } else {
            // either sessionHandle is invalid, or session was already removed.
            // NOTE(review): cookies are left in place on this path; consider
            // clearing them as well so the browser does not keep tokens for a
            // session that no longer exists.
        }
    } catch (err) {
        // something went wrong.
        // NOTE(review): the session may still be valid on the server at this
        // point, so report the failure instead of telling the user they are
        // logged out.
    }
}
// -------------------------------------------------
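/**
 * Revokes every session belonging to `userId`, logging the user out of all
 * their devices. Does not clear any cookies.
 *
 * A failed revocation is logged together with the error and reported through
 * the return value, so a caller can avoid telling the user they were logged
 * out everywhere when the sessions may still be live.
 *
 * @param userId ID of the user whose sessions should be revoked.
 * @returns true if the revoke call completed without throwing, false otherwise.
 */
async function logoutAllSessionsForUser(userId) {
    try {
        await supertokens.revokeAllSessionsForUser(userId);
        return true;
    } catch (err) {
        // Same message as before, now with the error attached so the failure
        // can be diagnosed from the server log.
        console.log("Something went wrong", err);
        return false;
    }
}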
/**
 * Placeholder for the application's own cookie-clearing logic.
 *
 * The revoke functions used in this example do not clear any cookies, so the
 * logout handler calls this after a successful revocation.
 */
function clearAuthCookies() {
    // clear sAccessToken, sRefreshToken, sIdRefreshToken
    // NOTE(review): a browser only drops a cookie when it is cleared with the
    // same path and domain it was set with; confirm against how these three
    // cookies were originally set.
}
import * as supertokens from "supertokens-node/session";
/**
 * Example logout handler: verifies the caller's session, revokes it by its
 * sessionHandle, and clears the auth cookies once revocation reports success.
 *
 * How accessToken and antiCsrfToken are obtained is elided in this example.
 */
async function logoutAPI() {
    // first we verify the session.
    let session;
    try {
        let accessToken = //...
        let antiCsrfToken = //...
        let response = await supertokens.getSession(accessToken, antiCsrfToken);
        // .. check if received a new access token and handle that.
        session = response.session;
    } catch (err) {
        //...
        // NOTE(review): if getSession throws, `session` is still undefined when
        // this block ends. The code below would then throw a TypeError on
        // `session.sessionHandle`, which the second catch swallows. A real
        // handler should send its error response and stop here.
    }
    try {
        // Revocation is keyed on the handle of the session that was just verified.
        let success = await supertokens.revokeSessionUsingSessionHandle(session.sessionHandle);
        if (success) {
            // The revoke call does not touch cookies, so they are cleared explicitly.
            clearAuthCookies();
        } else {
            // either sessionHandle is invalid, or session was already removed.
            // NOTE(review): cookies are left in place on this path; consider
            // clearing them as well so the browser does not keep tokens for a
            // session that no longer exists.
        }
    } catch (err) {
        // something went wrong.
        // NOTE(review): the session may still be valid on the server at this
        // point, so report the failure instead of telling the user they are
        // logged out.
    }
}
// -------------------------------------------------
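/**
 * Revokes every session belonging to `userId`, logging the user out of all
 * their devices. Does not clear any cookies.
 *
 * A failed revocation is logged together with the error and reported through
 * the return value, so a caller can avoid telling the user they were logged
 * out everywhere when the sessions may still be live.
 *
 * @param userId ID of the user whose sessions should be revoked.
 * @returns true if the revoke call completed without throwing, false otherwise.
 */
async function logoutAllSessionsForUser(userId: string): Promise<boolean> {
    try {
        await supertokens.revokeAllSessionsForUser(userId);
        return true;
    } catch (err) {
        // Same message as before, now with the error attached so the failure
        // can be diagnosed from the server log.
        console.log("Something went wrong", err);
        return false;
    }
}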
/**
 * Placeholder for the application's own cookie-clearing logic.
 *
 * The revoke functions used in this example do not clear any cookies, so the
 * logout handler calls this after a successful revocation.
 */
function clearAuthCookies() {
    // clear sAccessToken, sRefreshToken, sIdRefreshToken
    // NOTE(review): a browser only drops a cookie when it is cleared with the
    // same path and domain it was set with; confirm against how these three
    // cookies were originally set.
}