Backend session management examples
Below are examples of ways to manage Stytch Sessions on the backend.
Remember me for 30 days after login
Create a session that expires 30 days (43200 minutes) after initial login.
const stytch = require("stytch");

// "PROJECT_ID" and "SECRET" are placeholders. The secret is a backend
// credential: load it from server-side configuration and keep it out of
// source control and client code.
const client = new stytch.Client({
  project_id: "PROJECT_ID",
  secret: "SECRET",
  env: stytch.envs.test,
});

// Both callbacks below print whatever they receive, result or error.
// NOTE(review): authenticate responses carry session credentials (the
// multi-factor example reads `session_token` from one), so printing the
// whole object is only suitable for a demo. In production, log
// non-secret fields only.
const logResult = (value) => {
  console.log(value);
};

// Replace with token from request
const magicLinkToken = "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4=";

// Replace with the session token from the request. This value is a sample.
const sessionToken = "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q";

// Initial login: authenticating the magic link token starts a session
// lasting 43200 minutes (30 days).
client.magicLinks
  .authenticate(magicLinkToken, { session_duration_minutes: 43200 })
  .then(logResult)
  .catch(logResult);

// Later requests: validate the session. No session_duration_minutes is
// passed, so this call does not ask for the lifetime to be extended.
// Note that this call is issued immediately and does not wait for the
// magic link call above.
client.sessions
  .authenticate({ session_token: sessionToken })
  .then(logResult)
  .catch(logResult);
Remember me for 30 days since you last saw me
Every time a session is authenticated, extend it for another 30 days (43200 minutes). This means that if the session continues to be successfully authenticated at least once every 30 days, the user will remain logged in indefinitely unless the session is explicitly revoked.
const stytch = require("stytch");

// "PROJECT_ID" and "SECRET" are placeholders. The secret is a backend
// credential: load it from server-side configuration and keep it out of
// source control and client code.
const client = new stytch.Client({
  project_id: "PROJECT_ID",
  secret: "SECRET",
  env: stytch.envs.test,
});

// 30 days, in minutes. Used for the initial session and for each extension.
const THIRTY_DAYS_IN_MINUTES = 43200;

// Both callbacks below print whatever they receive, result or error.
// NOTE(review): authenticate responses carry session credentials, so
// printing the whole object is only suitable for a demo. In production,
// log non-secret fields only.
function logResult(value) {
  console.log(value);
}

// Replace with token from request
const magicLinkToken = "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4=";

// Replace with the session token from the request. This value is a sample.
const sessionToken = "mZAYn5aLEqKUlZ_Ad9U_fWr38GaAQ1oFAhT8ds245v7Q";

// Initial login: start a 30-day session from the magic link token.
client.magicLinks
  .authenticate(magicLinkToken, {
    session_duration_minutes: THIRTY_DAYS_IN_MINUTES,
  })
  .then(logResult)
  .catch(logResult);

// Every later request: validate the session and ask for another 30 days.
// Because each successful call extends the lifetime, a session that stays
// in use never expires by itself. Explicit revocation is the only way to
// end it, so a stolen token stays usable until it is revoked.
// This call is issued immediately and does not wait for the magic link call.
client.sessions
  .authenticate({
    session_token: sessionToken,
    session_duration_minutes: THIRTY_DAYS_IN_MINUTES,
  })
  .then(logResult)
  .catch(logResult);
Log out a user
Log the user out of a given session
const stytch = require("stytch");

// "PROJECT_ID" and "SECRET" are placeholders. The secret is a backend
// credential: load it from server-side configuration and keep it out of
// source control and client code.
const stytchConfig = {
  project_id: "PROJECT_ID",
  secret: "SECRET",
  env: stytch.envs.test,
};
const client = new stytch.Client(stytchConfig);

// Sample ID. Replace it with the ID of the session being logged out.
// NOTE(review): take the ID from the caller's own authenticated session,
// not from an unchecked request parameter. Otherwise one user could end
// another user's session.
const sessionId = "session-test-fe6c042b-6286-479f-8a4f-b046a6c46509";

// Prints whatever it receives, either the revoke response or the error.
function logResult(value) {
  console.log(value);
}

// Revoke the session to log the user out of it.
client.sessions
  .revoke({ session_id: sessionId })
  .then(logResult)
  .catch(logResult);
Log a user out of all sessions
Get all sessions for a given user's ID and individually revoke each of them.
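const stytch = require("stytch");

// "PROJECT_ID" and "SECRET" are placeholders. The secret is a backend
// credential: load it from server-side configuration and keep it out of
// source control and client code.
const client = new stytch.Client({
  project_id: "PROJECT_ID",
  secret: "SECRET",
  env: stytch.envs.test,
});

// Sample ID. Replace it with the ID of the user being logged out everywhere.
const userId = "user-test-16d9ba61-97a1-4ba4-9720-b03761dc50c6";

// List the user's sessions, then revoke every one of them. The revoke
// calls are built from the list response, so they cannot run before the
// list is known and they cover all sessions instead of one fixed ID.
client.sessions
  .get({ user_id: userId })
  .then(getResp => {
    // NOTE(review): assumes the response lists the sessions under
    // `sessions`, each carrying a `session_id`. Confirm against the SDK
    // version in use.
    const sessions = getResp.sessions || [];
    console.log("Revoking " + sessions.length + " session(s)");

    return Promise.all(
      sessions.map(({ session_id }) =>
        client.sessions
          .revoke({ session_id })
          .then(revokeResp => { console.log(revokeResp) })
          // Handle each failure separately so that one failed revoke does
          // not stop the others. Anything logged here is a session that is
          // still active and needs a retry.
          .catch(err => { console.log(err) })
      )
    );
  })
  .catch(err => { console.log(err) });

// NOTE(review): a session created after the list call returns is not
// covered by this pass. If that matters, for example after a credential
// compromise, list again after revoking and repeat until the list is empty.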
Multiple Authentication Factors
Create a single session from multiple authentication factors.
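const stytch = require("stytch");

// "PROJECT_ID" and "SECRET" are placeholders. The secret is a backend
// credential: load it from server-side configuration and keep it out of
// source control and client code.
const client = new stytch.Client({
  project_id: "PROJECT_ID",
  secret: "SECRET",
  env: stytch.envs.test,
});

// Replace with token from request
const token = "SeiGwdj5lKkrEVgcEY3QNJXt6srxS3IK2Nwkar6mXD4=";

// Create a new session using the first factor
client.magicLinks
  .authenticate(token, { session_duration_minutes: 43200 })
  .then(magicLinkAuthResp => {
    // NOTE(review): this prints the whole response, including the session
    // token read below. That is fine for a demo. In production, log
    // non-secret fields only.
    console.log(magicLinkAuthResp);

    // Use the session token to attach the second factor. The step lives in
    // the same chain, so it runs only when the first factor succeeded. A
    // first-factor failure skips it and goes straight to the catch below,
    // instead of being swallowed and then failing on an undefined response.
    return client.otps.authenticate({
      // Sample values. Replace them with the user's phone method ID and
      // the code the user submitted.
      method_id: "phone-number-test-d5a3b680-e8a3-40c0-b815-ab79986666d0",
      code: "123456",
      session_token: magicLinkAuthResp.session_token,
    });
  })
  .then(console.log)
  .catch(console.error);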