Cookies and Https
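SuperTokens ensures that cookies are secured by enabling the `secure` flag when generating session cookies.
When set, the `secure` attribute limits the scope of the cookie so that it is attached only to secure domains. As a result, the browser only attaches the cookie to requests transmitted over `https`. This, in turn, prevents the cookie from being stolen in transit via man-in-the-middle attacks. Note that the attribute only governs transport: it does not restrict script access to the cookie, which is what the separate `HttpOnly` attribute is for.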
important
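If not explicitly set, SuperTokens automatically determines the value of the `secure` attribute based on whether your API domain uses `http` or `https`. An API domain configured with `http` therefore yields session cookies without the `secure` attribute, so set the value explicitly if the configured API domain does not reflect the scheme your users actually connect over.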
Explicitly setting the `secure` attribute
- NodeJS
- GoLang
- Python
- Other Frameworks
Important
For other backend frameworks, you can follow our guide on how to spin up a separate server configured with the SuperTokens backend SDK to authenticate requests and issue session tokens.
import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";
// Options for the session recipe. cookieSecure: true sets the Secure
// attribute on session cookies explicitly, instead of leaving the SDK to
// derive it from the scheme of apiDomain.
const sessionConfig = {
    cookieSecure: true,
};

// Initialise the SDK once at startup; the "..." values are placeholders for
// the core connection URI and the app's own domains.
SuperTokens.init({
    supertokens: {
        connectionURI: "...",
    },
    appInfo: {
        apiDomain: "...",
        appName: "...",
        websiteDomain: "...",
    },
    recipeList: [Session.init(sessionConfig)],
});
import (
"github.com/supertokens/supertokens-golang/recipe/session"
"github.com/supertokens/supertokens-golang/recipe/session/sessmodels"
"github.com/supertokens/supertokens-golang/supertokens"
)
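// main initialises the SuperTokens SDK with the session recipe and explicitly
// enables the Secure attribute on session cookies.
func main() {
	// CookieSecure is passed by pointer: leaving it unset lets the SDK derive
	// the value from the API domain's scheme, while a pointer to true forces
	// the Secure attribute on.
	cookieSecure := true

	// Init returns an error for invalid configuration. Ignoring it would let
	// the process keep running without the session settings applied, so fail
	// fast instead.
	err := supertokens.Init(supertokens.TypeInput{
		RecipeList: []supertokens.Recipe{
			session.Init(&sessmodels.TypeInput{
				CookieSecure: &cookieSecure,
			}),
		},
	})
	if err != nil {
		panic(err.Error())
	}
}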
from supertokens_python import init, InputAppInfo
from supertokens_python.recipe import session
# Placeholder app details; replace the "..." values with the real domains.
app_info = InputAppInfo(api_domain="...", app_name="...", website_domain="...")

# cookie_secure=True sets the Secure attribute on session cookies explicitly
# instead of leaving the SDK to derive it from the scheme of api_domain.
recipes = [session.init(cookie_secure=True)]

# Initialise the SDK once at startup with the session recipe enabled.
init(
    app_info=app_info,
    framework='...',
    recipe_list=recipes,
)