important
This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
How session interception works
The session recipe is in the supertokens-website repo.
It works on the basis of adding interceptors to fetch
and axios
instances. In a nutshell, it:
- Before sending a request: Adds anti-csrf token measures if necessary.
- After the response:
- If a new session is created, it saves the various tokens in the frontend cookies.
- If a session is revoked, it removes those tokens from the frontend cookies.
- If a refresh is required, it calls the refresh API and then retries the original request.
It also provides ways to check if a session exists, get the access token payload on the frontend, and to sign out.
TODO: