Handling session tokens
There are two ways in which you can use sessions with SuperTokens:
- Using httpOnly cookies
- Using an Authorization bearer token
Our frontend SDK uses httpOnly cookie-based sessions for websites by default, because this protects against token theft via XSS attacks (a token held in an httpOnly cookie cannot be read by script running in the page). For other platforms, like mobile apps, it uses a bearer token in the Authorization header by default. This setting can be changed as described in the token transfer section.
CAUTION
This guide only applies to scenarios which involve SuperTokens Session Access Tokens.
If you are implementing either Unified Login or Microservice Authentication, features that make use of OAuth2 Access Tokens, please check the separate page that shows you how to verify those types of tokens.
If using our frontend SDK
For Web
success
No action required.
Our frontend SDK handles everything for you. You only need to make sure that you have called supertokens.init before making any network requests.
Our SDK adds interceptors to fetch and XHR (used by axios) to save session tokens from responses and add them to requests.
By default, our web SDKs use cookies to provide credentials.
For React-Native
Our frontend SDK handles everything for you. You only need to make sure that you have added our network interceptors as shown below.
note
By default our mobile SDKs use a bearer token in the Authorization header to provide credentials.
For Android
note
By default our mobile SDKs use a bearer token in the Authorization header to provide credentials.
For iOS
note
By default our mobile SDKs use a bearer token in the Authorization header to provide credentials.
For Flutter
note
By default our mobile SDKs use a bearer token in the Authorization header to provide credentials.
If not using our frontend SDK
caution
We highly recommend using our frontend SDK to handle session token management. It will save you a lot of time.
In this case, you will need to manually handle the tokens and session refreshing, and decide if you are going to use header or cookie-based sessions.
For browsers, we recommend cookies, while for mobile apps (or if you don't want to use the built-in cookie manager) you should use header-based sessions.
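The following is an added example of the manual, header-based handling described above; it is not SuperTokens SDK code and not taken from this page. It shows the three things a hand-written client has to get right: store the tokens a response hands back, attach the access token as an Authorization bearer header on every request, and on a 401 refresh once and retry (clearing state if the refresh itself fails, so a revoked session is not retried forever). The refresh endpoint path and the token header names are assumptions chosen for the example, and the backend is a constructed in-memory stand-in so that the code runs offline.

```javascript
// Added example, not SuperTokens SDK code: a minimal header-based session
// client of the kind you must write yourself when not using the frontend SDK.
// The refresh endpoint path and token header names below are ASSUMPTIONS
// (placeholders), not values taken from the page.
const REFRESH_PATH = "/auth/session/refresh";
const ACCESS_HEADER = "st-access-token";
const REFRESH_HEADER = "st-refresh-token";

// Tokens are kept in memory only. Anything page JavaScript can read is also
// readable by script injected via XSS, which is why the page recommends
// httpOnly cookies for browsers; in-memory storage is the narrowest exposure
// a header-based client can offer.
function createSessionClient(fetchImpl, storage = new Map()) {
  function saveTokens(res) {
    const access = res.headers.get(ACCESS_HEADER);
    const refreshTok = res.headers.get(REFRESH_HEADER);
    if (access) storage.set("access", access);
    if (refreshTok) storage.set("refresh", refreshTok);
  }

  // Exchange the refresh token for a new pair; clear everything on failure so
  // an expired or revoked session is not retried forever.
  async function refresh() {
    const rt = storage.get("refresh");
    if (!rt) return false;
    const res = await fetchImpl(REFRESH_PATH, {
      method: "POST",
      headers: { Authorization: `Bearer ${rt}` },
    });
    if (res.status !== 200) {
      storage.clear();
      return false;
    }
    saveTokens(res);
    return true;
  }

  // Attach the access token; on 401 refresh once and retry the request.
  async function request(path, init = {}) {
    const send = () => {
      const headers = { ...(init.headers || {}) };
      const at = storage.get("access");
      if (at) headers.Authorization = `Bearer ${at}`;
      return fetchImpl(path, { ...init, headers });
    };
    let res = await send();
    saveTokens(res);
    if (res.status === 401 && (await refresh())) {
      res = await send();
      saveTokens(res);
    }
    return res;
  }

  const tokens = () => ({ access: storage.get("access"), refresh: storage.get("refresh") });
  return { request, refresh, tokens };
}

// Constructed stand-in for a backend, so the example runs offline. It issues
// tokens on /login, rotates both tokens on refresh, and returns 401 for any
// other path unless the bearer access token is the current one.
function makeFakeServer() {
  let validAccess = "access-1";
  let validRefresh = "refresh-1";
  let generation = 1;
  const calls = [];
  const reply = (status, hdrs = {}) => ({ status, headers: new Map(Object.entries(hdrs)) });
  return {
    calls,
    expireAccess() { validAccess = null; }, // simulate access token expiry
    async fetch(path, init = {}) {
      calls.push(path);
      const bearer = ((init.headers && init.headers.Authorization) || "").replace(/^Bearer /, "");
      if (path === "/login") {
        return reply(200, { [ACCESS_HEADER]: validAccess, [REFRESH_HEADER]: validRefresh });
      }
      if (path === REFRESH_PATH) {
        if (bearer !== validRefresh) return reply(401);
        generation += 1;
        validAccess = `access-${generation}`;
        validRefresh = `refresh-${generation}`;
        return reply(200, { [ACCESS_HEADER]: validAccess, [REFRESH_HEADER]: validRefresh });
      }
      return bearer !== "" && bearer === validAccess ? reply(200) : reply(401);
    },
  };
}

// Walk through login, a successful call, expiry, and the transparent refresh.
async function demo() {
  const server = makeFakeServer();
  const client = createSessionClient(server.fetch);
  await client.request("/login");
  const first = await client.request("/api/me");  // 200 with access-1
  server.expireAccess();
  const second = await client.request("/api/me"); // 401 -> refresh -> retry -> 200
  return { first: first.status, second: second.status, tokens: client.tokens(), calls: server.calls };
}
```

The retry is deliberately limited to one refresh per request: if the refreshed token is also rejected the caller sees the 401, and the cleared storage means the next request starts unauthenticated instead of looping. Whatever storage you substitute for the in-memory Map (for example a platform keychain on mobile), the same rule applies: the refresh token is the longer-lived credential and deserves the stronger protection.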