Handling session tokens
success
No action required.
Our frontend SDK handles everything for you. You only need to make sure that you have called supertokens.init
before making any network requests.
Our SDK adds interceptors to fetch
and XHR
(used by axios
) to save and add session tokens from and to the request.
note
By default, our web SDKs use cookies to provide credentials.
#
Getting the access tokencaution
Our SDK automatically handles adding the access token to request headers. You only need to add the access token to the request if you want to send the access token to a different API domain than what is configured on the frontend SDK init function call.
If you are using a header-based session or enabled exposeAccessTokenToFrontendInCookieBasedAuth
(see below), you can read the access token on the frontend using the getAccessToken
method:
- ReactJS
- Angular
- Vue
import Session from "supertokens-web-js/recipe/session";
async function getToken(): Promise<void> {
const accessToken = await Session.getAccessToken();
console.log(accessToken);
}
import Session from "supertokens-auth-react/recipe/session";
async function getToken(): Promise<void> {
const accessToken = await Session.getAccessToken();
console.log(accessToken);
}
import Session from "supertokens-web-js/recipe/session";
async function getToken(): Promise<void> {
const accessToken = await Session.getAccessToken();
console.log(accessToken);
}
#
If using cookie-based sessionscaution
This will expose the access token to the frontend, meaning it could be vulnerable to XSS attacks.
important
If you are using header-based sessions, you can skip this step
By enabling this setting, you'll expose the access token to your frontend code even if you use cookies for authentication.
- NodeJS
- GoLang
- Python
- Other Frameworks
Important
import SuperTokens from "supertokens-node";
import Session from "supertokens-node/recipe/session";
SuperTokens.init({
supertokens: {
connectionURI: "..."
},
appInfo: {
apiDomain: "...",
appName: "...",
websiteDomain: "..."
},
recipeList: [
Session.init({
exposeAccessTokenToFrontendInCookieBasedAuth: true,
})
]
});
import (
"github.com/supertokens/supertokens-golang/recipe/session"
"github.com/supertokens/supertokens-golang/recipe/session/sessmodels"
"github.com/supertokens/supertokens-golang/supertokens"
)
func main() {
supertokens.Init(supertokens.TypeInput{
RecipeList: []supertokens.Recipe{
session.Init(&sessmodels.TypeInput{
ExposeAccessTokenToFrontendInCookieBasedAuth: true,
}),
},
})
}
from supertokens_python import init, InputAppInfo
from supertokens_python.recipe import session
init(
app_info=InputAppInfo(
api_domain="...", app_name="...", website_domain="..."),
framework='...',
recipe_list=[
session.init(
expose_access_token_to_frontend_in_cookie_based_auth=True
)
]
)