Skip to main content
important

This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.

How session interception works

The session recipe is in the supertokens-website repo.

It works on the basis of adding interceptors to fetch and axios instances. In a nutshell, it:

  • Before sending a request: Adds anti-csrf token measures if necessary, plus st-auth-mode and authorization
  • After the response:
    • If a new session is created, it saves the various tokens in the frontend cookies.
    • If a session is revoked, it removes those tokens from the frontend cookies.
    • If a refresh is required, it calls the refresh API and then retries the original request.

It also provides ways to check if a session exists, get the access token payload on the frontend, and to sign out.

TODO:

Which frontend SDK do you use?
supertokens-web-js / mobile
supertokens-auth-react