Storing data in a session
info
A session is created automatically when the user signs in or signs up.
Types of storage#
A session can hold two types of data:
- Access token payload:
- The access token is a signed cookie that can contain any JSON in it (similar to a JWT).
- This content is instantly accessible (without a db call) post session verification in an API, and is also accessible on the frontend.
- The contents can be changed anytime post session verification.
- An example of what can be stored in this is a user's role.
- By default, the payload contains:
type AccessTokenInfo = { userId: string; expiryTime: number; userData: { // you can add custom info in here. } // ...other fields (which are all implementation details)}
- Session data:
- This data is stored in the database, mapped against a session (each session has a constant ID called the
sessionHandle). - A
sessionHandlecan be obtained post session verification in an API, after which this data can be fetched / changed. - Use this to store any sensitive data associated with a session, that should not be sent to the frontend.
- The default value is
{}
- This data is stored in the database, mapped against a session (each session has a constant ID called the
How to store information in a session#
You can store info in the access token or in the session data by overriding the createNewSession function in the Session recipe:
- NodeJS
- GoLang
- Python
import SuperTokens from "supertokens-node";import Session from "supertokens-node/recipe/session";
SuperTokens.init({ supertokens: { connectionURI: "...", }, appInfo: { apiDomain: "...", appName: "...", websiteDomain: "..." }, recipeList: [ // ... Session.init({ override: { functions: (originalImplementation) => { return { ...originalImplementation, createNewSession: async function (input) { let userId = input.userId;
// This goes in the access token, and is availble to read on the frontend. input.accessTokenPayload = { ...input.accessTokenPayload, someKey: "someValue", };
// This is stored in the db against the sessionHandle for this session input.sessionData = { ...input.sessionData, someKey: "someValue", };
return originalImplementation.createNewSession(input); }, }; }, }, }) ]});import ( "net/http"
"github.com/supertokens/supertokens-golang/recipe/session" "github.com/supertokens/supertokens-golang/recipe/session/sessmodels" "github.com/supertokens/supertokens-golang/supertokens")
func main() { supertokens.Init(supertokens.TypeInput{ RecipeList: []supertokens.Recipe{ session.Init(&sessmodels.TypeInput{ Override: &sessmodels.OverrideStruct{ Functions: func(originalImplementation sessmodels.RecipeInterface) sessmodels.RecipeInterface { // First we copy the original implementation func originalCreateNewSession := *originalImplementation.CreateNewSession
// Now we override the CreateNewSession function (*originalImplementation.CreateNewSession) = func(res http.ResponseWriter, userID string, accessTokenPayload, sessionData map[string]interface{}, userContext supertokens.UserContext) (sessmodels.SessionContainer, error) {
// This goes in the access token, and is availble to read on the frontend. if accessTokenPayload == nil { accessTokenPayload = map[string]interface{}{} } accessTokenPayload["someKey"] = "someValue"
// This is stored in the db against the sessionHandle for this session if sessionData == nil { sessionData = map[string]interface{}{} } sessionData["someKey"] = "someValue"
return originalCreateNewSession(res, userID, accessTokenPayload, sessionData, userContext) }
return originalImplementation }, }, }), }, })}from supertokens_python import init, InputAppInfofrom supertokens_python.recipe import sessionfrom supertokens_python.recipe.session.interfaces import RecipeInterfacefrom typing import Any, Dict, Union
def override_functions(original_implementation: RecipeInterface): original_implementation_create_new_session = original_implementation.create_new_session
async def create_new_session(request: Any, user_id: str, access_token_payload: Union[None, Dict[str, Any]], session_data: Union[None, Dict[str, Any]], user_context: Dict[str, Any]): if session_data is None: session_data = {}
if access_token_payload is None: access_token_payload = {}
# This is stored in the db against the sessionHandle for this session session_data["someKey"] = 'someValue'
# This goes in the access token, and is availble to read on the frontend. access_token_payload["someKey"] = 'someValue'
return await original_implementation_create_new_session(request, user_id, access_token_payload, session_data, user_context)
original_implementation.create_new_session = create_new_session return original_implementation
init( app_info=InputAppInfo(api_domain="...", app_name="...", website_domain="..."), framework='...', recipe_list=[ session.init( override=session.InputOverrideConfig( functions=override_functions ) ) ])