> ## Documentation Index
> Fetch the complete documentation index at: https://stytch.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.
# On Change Session
> Listen for changes to the current Session using the Stytch Next.js SDK
export const organization = "Represents an instance or tenant in your application, typically mapping to each of your top-level customers.";
export const member = "Represents an individual end user's account within a given Organization, uniquely identified within that Organization by their email address.";
export const isReact_0 = true
{isReact_0 &&
In React, use the useStytchMemberSession hook to easily access the current session and react to changes.
}
The Stytch SDK caches the Session of the logged-in Member. Use the `session.onChange` method to listen for and react to changes to the Session object.
## Parameters
The callback function to call when the session changes. The first parameter is the updated Session object.
The updated Session object.
Globally unique UUID that identifies the Session.
Globally unique UUID that identifies a specific Member.
An array of authentication factors that comprise a Session.
The type of authentication factor. The possible values are: `email_otp`, `impersonated`, `imported`, `magic_link`, `oauth`, `otp`, `password`, `recovery_codes`, `sso`, `trusted_auth_token`, or `totp`.
The method that was used to deliver the authentication factor. The possible values depend on the type:
* `email_otp`: Only `email`.
* `impersonated`: Only `impersonation`.
* `imported`: Only `imported_auth0`.
* `magic_link`: Only `email`.
* `oauth`: `oauth_google`, `oauth_microsoft`, `oauth_hubspot`, `oauth_slack`, or `oauth_github`.
You may see an 'exchange' delivery method when a non-email-verifying OAuth factor originally authenticated in one organization is exchanged for a factor in another organization. This can happen during authentication flows such as [session exchange](/api-reference/b2b/api/sessions/exchange-session). The non-email-verifying OAuth providers are Hubspot, Slack, and Github. Google is also considered non-email-verifying when the HD claim is empty. The possible exchange values are `oauth_exchange_google`, `oauth_exchange_hubspot`, `oauth_exchange_slack`, or `oauth_exchange_github`. The final possible value is `oauth_access_token_exchange`, if this factor came from an [access token exchange flow](/api-reference/b2b/api/sessions/exchange-access-token).
* `otp`: Only `sms`.
* `password`: Only `knowledge`.
* `recovery_codes`: Only `recovery_code`.
* `sso`: `sso_saml` or `sso_oidc`.
* `trusted_auth_token`: Only `trusted_token_exchange`.
* `totp`: Only `authenticator_app`.
The timestamp when the factor was initially authenticated.
The timestamp when the factor was last authenticated.
The timestamp when the factor was last updated.
Either `PRIMARY` or `SECONDARY`. Secondary factor types include `otp`, `totp`, and `recovery_codes`. All other factors are primary.
Information about the email factor, if one is present.
The email address of the Member.
The globally unique UUID of the Member's email.
Information about the phone number factor, if one is present.
The phone number.
The globally unique UUID of the phone number.
Information about the Google OAuth factor, if one is present.
The unique ID of the OAuth registration.
The globally unique UUID of the Member's email.
The unique identifier for the User within the OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.
Information about the Microsoft OAuth factor, if one is present.
The unique ID of the OAuth registration.
The globally unique UUID of the Member's email.
The unique identifier for the User within the OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.
Information about the Hubspot OAuth factor, if one is present.
The unique ID of the OAuth registration.
The globally unique UUID of the Member's email.
The unique identifier for the User within the OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.
Information about the Github OAuth factor, if one is present.
The unique ID of the OAuth registration.
The globally unique UUID of the Member's email.
The unique identifier for the User within the OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.
Information about the Slack OAuth factor, if one is present.
The unique ID of the OAuth registration.
The globally unique UUID of the Member's email.
The unique identifier for the User within the OAuth provider. Also commonly called the sub or "Subject field" in OAuth protocols.
Information about the Google OAuth Exchange factor, if one is present.
The globally unique UUID of the email address.
Information about the Hubspot OAuth Exchange factor, if one is present.
The globally unique UUID of the email address.
Information about the Github OAuth Exchange factor, if one is present.
The globally unique UUID of the email address.
Information about the Slack OAuth Exchange factor, if one is present.
The globally unique UUID of the email address.
Information about the SAML SSO factor, if one is present.
The unique ID of an SSO Registration.
Globally unique UUID that identifies a specific SAML Connection.
The ID of the member given by the identity provider.
Information about the OIDC SSO factor, if one is present.
The unique ID of an SSO Registration.
Globally unique UUID that identifies a specific OIDC Connection.
The ID of the member given by the identity provider.
Information about the TOTP-backed Authenticator App factor, if one is present.
Globally unique UUID that identifies the TOTP instance.
Information about the impersonated factor, if one is present.
For impersonated sessions initiated via the Stytch Dashboard, the impersonator's Stytch Dashboard `member_id`.
The email address of the impersonator.
Information about the trusted auth token factor, if one is present.
The ID of the trusted auth token.
Information about the access token exchange factor, if one is present.
The ID of the Connected App client.
The globally unique UUID that identifies the Organization associated with the Session.
The unique URL slug of the Organization associated with the Session.
A list of the roles associated with the Session.
Members may inherit certain roles depending on the factors in their Session.
For example, some roles may only be active if the member logged in from a specific SAML IDP.
The timestamp when the Session was created. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
The timestamp when the Session was last accessed. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
The timestamp when the Session expires. Values conform to the RFC 3339 standard and are expressed in UTC, e.g. `2021-12-29T12:33:09Z`.
The custom claims map for a Session. Claims can be added to a Session during a Sessions authenticate call.
## Return value
The function to call to unsubscribe from the Organization change event.
```jsx theme={null}
import { useEffect, useState } from 'react';
import { useStytchB2BClient } from '@stytch/nextjs/b2b';
export const SessionDisplay = () => {
const stytch = useStytchB2BClient();
const [session, setSession] = useState(null);
useEffect(() => {
// Subscribe to session changes
const unsubscribe = stytch.session.onChange((session) => {
setSession(session);
});
// Cleanup subscription on unmount
return unsubscribe;
}, [stytch]);
return (