Session management

The SDK may be used to check whether a user has a cached session, view the current session, refresh the session, and revoke the session. To authenticate a session on your backend, you must use either the Stytch API or a Stytch Backend SDK.

Methods

Get session

The SDK provides the session.getSync method to retrieve the current session. The session.onChange method can be used to listen to session changes.

If logged in, the session.getSync method returns the cached session object. Otherwise it returns null. In React, the @stytch/react library provides the useStytchMemberSession hook that implements these methods for you to easily access the session and listen for changes.

The session.onChange method takes in a callback that gets called whenever the Member Session object changes. It returns an unsubscribe method for you to call when you no longer want to listen for such changes.

import React from 'react';
import { useStytchMemberSession } from '@stytch/react/b2b';

export const Home = () => {
  const { member_session } = useStytchMemberSession();

  return member_session ? <p> Member Session ID: {member_session.member_session_id}</p> : <p> No Active Session </p>;
};

Refresh session

Wraps Stytch's authenticate Session endpoint and validates that the session issued to the user is still valid. The SDK will invoke this method automatically in the background. You probably won't need to call this method directly. It's recommended to use session.getSync and session.onChange instead.


Method parameters


session_duration_minutesint
import React, { useEffect } from 'react';
import { useStytchB2BClient } from '@stytch/stytch/b2b';

export const RefreshSession = () => {
  const stytch = useStytchB2BClient();

  useEffect(() => {
    const refresh = () => {
      if (stytch.session.getSync()) {
        stytch.session.authenticate({
          session_duration_minutes: 60,
        });
      }
    };
    // Refresh session every 50 minutes
    let interval = setInterval(refresh, 3000000);
    return () => clearInterval(interval);
  }, [stytch]);

  return <></>;
};

RESPONSE

200
{
	"status_code": 200,
	"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
	"member_session": {...},
	"session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
	"session_jwt": "",
	"member": {...},
	"organization": {...}
}

Revoke session

Wraps Stytch's revoke Session endpoint and revokes the member's current session. This method should be used to log out a member.

import React, { useCallback } from 'react';
import { useStytchB2BClient } from '@stytch/react';

export const LogOutButton = () => {
  const stytch = useStytchB2BClient();

  const logout = useCallback(() => {
    stytch.session.revoke();
  }, [stytch]);

  return <button onClick={logout}>Log out</button>;
};

RESPONSE

200
{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141"
}

Exchange session

Wraps Stytch's exchange session endpoint and exchanges the member's current session for a session in the specified Organization.

If this method succeeds and the Member is not required to complete MFA, the Member will be logged in, granted an active session, and the session cookies will be minted and stored in the browser.

If this method succeeds and MFA is required, the intermediate session token will be stored in the browser as a cookie.

You can listen for successful login events anywhere in the codebase with the stytch.session.onChange() method or useStytchMemberSession hook if you are using React.


Method parameters


organization_id*string

session_duration_minutes*int

localestring
import { useStytchB2BClient } from '@stytch/react/b2b';

export const Login = () => {
  const stytch = useStytchB2BClient();

  const exchange = () => {
    stytch.session.exchange({
      organization_id: 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
      session_duration_minutes: 60,
    });
  };

  return <button onClick={exchange}>Log in</button>;
};

RESPONSE

200
{
	"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
	"status_code": 200,
	"member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
	"session_jwt": "example_jwt",
	"session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
	"intermediate_session_token": "",
	"member_authenticated": true,
	"mfa_required": null,
	"member_session": {...},
	"member": {...},
	"organization": {...}
}