This SDK documentation is outdated. Please do not refer to it, and instead visit the User Guides section.

Skip to main content
Version: Next

init

Session.init({
    cookieSecure?: boolean,
    cookieSameSite?: "strict" | "lax" | "none",
    sessionExpiredStatusCode?: number,
    cookieDomain?: string,
    errorHandlers?: ErrorHandlers,
    antiCsrf?: "NONE" | "VIA_CUSTOM_HEADER" | "VIA_TOKEN",
    override?: {
      functions?: function,
      apis?: function
    }
})

Parameters#

cookieSecure (Optional)#

  • Sets if the cookies are secure or not.
  • Default: If the apiDomain is https, this is true.

cookieSameSite (Optional)#

  • Sets the sameSite attribute for cookies issued by SuperTokens
  • Default: If the apiDomain and the websiteDomain share the same top level domain, then this is lax, else it's none.

sessionExpiredStatusCode (Optional)#

  • The HTTP status code your backend APIs send on session expiry
  • Default: 401

cookieDomain (Optional)#

  • The domain from which the cookies will be created
  • Default: The value of apiDomain

errorHandlers (Optional)#

  • You can override the default SuperTokens error handler and define your own custom error handlers for unauthorised or token theft detection
  • Default:
    • On unauthorised: Clear cookies and send a 401 status code to the frontend.
    • On token theft detection: Revoke the session, clear the cookies and send a 401 to the frontend.

antiCsrf (Optional)#

  • See this page
  • Default: If sameSite is none, this is VIA_TOKEN, else it's VIA_CUSTOM_HEADER.

override (Optional)#

  • Use this feature to override how this recipe behaves.
  • Default: undefined
Looking for older versions of the documentation?
Which UI do you use?
Custom UI
Pre built UI