Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
custom session expiry per user
u
undesiredmonk
04/10/2023, 4:26 AMI want to log the user out when their subscription is ended. Is there any way I can set custom expiry to cookies and sessions for each user based on their subscription? The default time will be 7 days but users with less than 7 days remaining on their subscription will have the session & cookies expiry date the same as their subscription end date.
r
rp
04/10/2023, 5:36 AMyes this is possible. You can add another custom claim in the session's access token payload indicating when the subscription is about to end using the createNewSession override.
Then post session verification, you can check if the claim indicates that the subscription end date has already passed or not, and if it has, then send back a 401.
You will also need to override the refresh function to call the original implementation first and then check the access token payload from the resulting session object. If it indicates that the subscription has gotten over, then call
session.revokeSessionst-bot-test-case
u
undesiredmonk
04/10/2023, 5:49 AMCan we override verifySession for this?
r
rp
04/10/2023, 6:03 AMyou can make your own verifySession middleware which is based on our getSession function: https://supertokens.com/docs/session/common-customizations/sessions/session-verification-in-api/get-session#getsession-vs-verifysession
u
undesiredmonk
04/10/2023, 6:54 AMI'm using fastify. The verifySession method seems to be different for fastify/
I made my own verify session middleware. I'm using fastify.
export const verifySession = (options?: VerifySessionOptions) => {
return async (req: SessionRequest, reply: FastifyReply) => {
try {
if (options?.sessionRequired === false) {
(req as any).session = await Session.getSession(req, reply, {
antiCsrfCheck: options?.antiCsrfCheck,
overrideGlobalClaimValidators: options?.overrideGlobalClaimValidators,
sessionRequired: false,
});
} else {
(req as any).session = await Session.getSession(req, reply, {
antiCsrfCheck: options?.antiCsrfCheck,
overrideGlobalClaimValidators: options?.overrideGlobalClaimValidators,
sessionRequired: true,
});
const payload = req.session?.getAccessTokenPayload();
const isSubscribed = payload.isSubscribed
if (!isSubscribed) {
await req.session?.revokeSession();
reply.status(401);
}
}
} catch (error) {
if (SuperTokensError.isErrorFromSuperTokens(error)) {
switch (error.type) {
case Session.Error.TRY_REFRESH_TOKEN: {
reply
.status(401)
.send({ message: Session.Error.TRY_REFRESH_TOKEN });
break;
}
case Session.Error.UNAUTHORISED: {
reply.status(401).send({ message: Session.Error.UNAUTHORISED });
break;
}
case Session.Error.TOKEN_THEFT_DETECTED: {
req.session?.revokeSession();
reply
.status(401)
.send({ message: Session.Error.TOKEN_THEFT_DETECTED });
break;
}
case Session.Error.INVALID_CLAIMS: {
reply.status(401).send({ message: Session.Error.INVALID_CLAIMS });
break;
}
}
reply.status(401).send({ message: error.message });
} else {
reply.status(401).send(error);
}
}
};
};I'm getting following error when fetching the refresh token after the cookie expires.
TypeError: res.setHeader is not a function
at appendToServerResponse (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/framework/utils.js:298:9)
at Object.setCookieForServerResponse (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/framework/utils.js:277:12)
at ExpressResponse.setCookie (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/framework/express/framework.js:121:21)
at setCookie (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/recipe/session/cookieAndHeaders.js:103:16)
at Object.attachAccessTokenToCookie (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/recipe/session/cookieAndHeaders.js:26:5)
at Object.<anonymous> (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:212:40)
at Generator.next (<anonymous>)
at fulfilled (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:15:36)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (node:internal/process/task_queues:96:5)I'm using fastify. And this issue doesn't happen if i use the verifySession method provided
r
rp
04/11/2023, 2:25 PMSo this error comes during refreshing a session?
u
undesiredmonk
04/11/2023, 2:35 PMYes, When the cookie expires and calls for the refresh token
How can I override refresh token logic?