JavaScript SDK - Session management | Stytch B2B authentication

Session management

The SDK may be used to check whether a user has a cached session, view the current session, refresh the session, and revoke the session. To authenticate a session on your backend, you must use either the Stytch API or a Stytch Backend SDK.

Methods

Get session

The SDK provides the session.getSync method to retrieve the current session. The session.onChange method can be used to listen to session changes.

If logged in, the session.getSync method returns the cached session object. Otherwise it returns null.

The session.getInfo method is similar to session.getSync, but it returns an object containing the session object and a fromCache boolean. If fromCache is true, the session object is from the cache and a state refresh is in progress.

The session.onChange method takes in a callback that gets called whenever the Member Session object changes. It returns an unsubscribe method for you to call when you no longer want to listen for such changes.

In React, the @stytch/react library provides the useStytchMemberSession hook that implements these methods for you to easily access the session and listen for changes.

import React from 'react';
import { useStytchMemberSession } from '@stytch/react/b2b';

export const Home = () => {
  const { member_session } = useStytchMemberSession();

  return member_session ? <p> Member Session ID: {member_session.member_session_id}</p> : <p> No Active Session </p>;
};

Refresh session

Wraps Stytch's authenticate Session endpoint and validates that the session issued to the user is still valid. The SDK will invoke this method automatically in the background. You probably won't need to call this method directly. It's recommended to use session.getSync and session.onChange instead.

Method parameters

session_duration_minutes int

import React, { useEffect } from 'react';
import { useStytchB2BClient } from '@stytch/stytch/b2b';

export const RefreshSession = () => {
  const stytch = useStytchB2BClient();

  useEffect(() => {
    const refresh = () => {
      if (stytch.session.getSync()) {
        stytch.session.authenticate({
          session_duration_minutes: 60,
        });
      }
    };
    // Refresh session every 50 minutes
    let interval = setInterval(refresh, 3000000);
    return () => clearInterval(interval);
  }, [stytch]);

  return <></>;
};

RESPONSE

{
	"status_code": 200,
	"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
	"member_session": {...},
	"session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
	"session_jwt": "",
	"member": {...},
	"organization": {...}
}

Revoke session

Wraps Stytch's revoke Session endpoint and revokes the member's current session. This method should be used to log out a member.

import React, { useCallback } from 'react';
import { useStytchB2BClient } from '@stytch/react';

export const LogOutButton = () => {
  const stytch = useStytchB2BClient();

  const logout = useCallback(() => {
    stytch.session.revoke();
  }, [stytch]);

  return <button onClick={logout}>Log out</button>;
};

RESPONSE

{
  "status_code": 200,
  "request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141"
}

Update session

Update a user's session tokens to hydrate a front-end session from the backend. For example, if you log your users in with one of our backend SDKs, you can pass the resulting session_token and session_jwt to this method to prime the frontend SDK with a valid set of tokens. You must then make an authenticate call to authenticate the session tokens and retrieve the user's current session.

import React, { useCallback, useEffect } from 'react';
import { useStytchMember, useStytchB2BClient } from '@stytch/react/b2b';

export const App = () => {
  const stytchClient = useStytchB2BClient();
  const { member } = useStytchMember();

  useEffect(() => {
    if (member) {
      // redirect to logged in experience
    }
  }, [member]);

  const authenticate = useCallback(() => {
    stytchClient.session.updateSession({
      session_token: 'a session token from your backend',
      session_jwt: 'a session JWT from your backend',
    });

    stytchClient.session.authenticate({ session_duration_minutes: 60 });
  }, [stytchClient]);

  return <button onClick={authenticate}>Hydrate session</button>;
};

Exchange session

Wraps Stytch's exchange session endpoint and exchanges the member's current session for a session in the specified Organization.

If this method succeeds and the Member is not required to complete MFA, the Member will be logged in, granted an active session, and the session cookies will be minted and stored in the browser.

If this method succeeds and MFA is required, the intermediate session token will be stored in the browser as a cookie.

You can listen for successful login events anywhere in the codebase with the stytch.session.onChange() method or useStytchMemberSession hook if you are using React.

Method parameters

organization_id* string

session_duration_minutes* int

locale string

import { useStytchB2BClient } from '@stytch/react/b2b';

export const Login = () => {
  const stytch = useStytchB2BClient();

  const exchange = () => {
    stytch.session.exchange({
      organization_id: 'organization-test-07971b06-ac8b-4cdb-9c15-63b17e653931',
      session_duration_minutes: 60,
    });
  };

  return <button onClick={exchange}>Log in</button>;
};

RESPONSE

{
	"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
	"status_code": 200,
	"member_id": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
	"session_jwt": "example_jwt",
	"session_token": "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q",
	"intermediate_session_token": "",
	"member_authenticated": true,
	"mfa_required": null,
	"member_session": {...},
	"member": {...},
	"organization": {...}
}

Get tokens

Returns the session_token and session_jwt values associated with the logged-in user's active session. If no active session is present, returns null.

Note that the Stytch SDK stores the session_token and session_jwt values as session cookies in the user's browser. Those cookies will be automatically included in any request that your frontend makes to a service (such as your backend) that shares the domain set on the cookies, so in most cases, you will not need to explicitly retrieve the session_token and session_jwt values using the getTokens() method. However, we offer this method to serve some unique use cases where explicitly retrieving the tokens may be necessary.

import React, { useEffect } from 'react';
import { useStytchMemberSession, useStytchB2BClient } from '@stytch/react/b2b';

export const GetSessionTokens = () => {
  const stytchClient = useStytchB2BClient();
  const { session } = useStytchMemberSession();

  // This will update the sessionTokens every time the session updates (on login, session refresh, MFA, etc.)
  const sessionTokens = useMemo(() => {
    return stytchClient.session.getTokens();
  }, [session]);

  // This useEffect block will trigger anytime the sessionTokens change
  useEffect(() => {
    if (sessionTokens) {
      // Do something with the tokens
      console.log('session token', tokens.session_token);
      console.log('session jwt', tokens.session_jwt);
    }
  }, [sessionTokens]);

  return null;
};