This project is in active development. Features and behaviors may change without notice.

Session Management

SAuthBase issues a session after user authentication, enabling access to user information without requiring re-authentication. This page explains how session handling works in detail.

How Sessions Work

When verifySession() completes successfully, a token is generated and returned to the client along with the verification result.

Example: Response on successful authentication
{
  "success": true,
  "data": {
    "token": "*************************************",
    "payload": {
      "valid": true,
      "username": "***********",
      "type": "instant",
      "redirect": "http://localhost:3000/auth"
    }
  }
}

This token should be securely stored on the client side (e.g., in cookies or localStorage) and used in subsequent requests instead of re-authentication.

Verification and Decryption

The session ID stored on the client is verified and decrypted using the extractUserWithVerify function.

Example: Session verification
import { } from "sauthbase" const = .(); const = await .(sessionId);

This function detects any tampering of the session ID and returns an error if it is invalid.

Notes

  • Store user session tokens securely to prevent leaks.
  • Avoid sending the session token with every request—only send it when necessary.
  • extractUserUnsafe is lightweight but performs no verification, so extractUserWithVerify is recommended for secure processing.
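
The difference between an unverified and a verifying extract, as an added example that is not SAuthBase's code. It assumes a stand-in token format (base64url JSON payload plus an HMAC-SHA256 tag); the helper names, the key and the error shape are hypothetical, and the sample tokens are constructed.

```javascript
// Added illustration, not SAuthBase code: a stand-in token of the form
//   base64url(JSON payload) + "." + base64url(HMAC-SHA256 tag)
// SAuthBase's real token format and internals are not shown on this page.
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32); // demo server key (constructed)
const b64u = (data) => Buffer.from(data).toString("base64url");
const decode = (body) => JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
const mac = (body) => crypto.createHmac("sha256", SECRET).update(body).digest();

// Hypothetical issuer: sign the encoded payload with the server key.
function issueToken(payload) {
  const body = b64u(JSON.stringify(payload));
  return `${body}.${b64u(mac(body))}`;
}

// Analogue of an unverified extract: decodes whatever the client sent.
function extractUnsafe(token) {
  return decode(String(token).split(".")[0]);
}

// Analogue of a verifying extract: recompute the tag, compare in constant
// time, and only then parse the payload.
function extractWithVerify(token) {
  const parts = String(token).split(".");
  if (parts.length !== 2) return { success: false, error: "malformed token" };
  const [body, tag] = parts;
  const given = Buffer.from(tag, "base64url");
  const expected = mac(body);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { success: false, error: "invalid signature" };
  }
  return { success: true, data: decode(body) };
}

// Constructed sample: a valid token, then the same token with an edited
// payload and the old tag, as a client-side modification would produce.
function demo() {
  const token = issueToken({ username: "alice", type: "instant" });
  const [, tag] = token.split(".");
  const edited = `${b64u(JSON.stringify({ username: "admin", type: "instant" }))}.${tag}`;
  return {
    verified: extractWithVerify(token),
    editedUnsafe: extractUnsafe(edited),
    editedVerified: extractWithVerify(edited),
  };
}

console.log(demo());
```

The unverified path returns the edited username, while the verifying path rejects the same token, which is why authorization decisions should only use the verified result.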