https://supertokens.com/ logo
Join Discord
Powered by
I want to log the user out when their subscription...
# support-questions-legacy
u
I want to log the user out when their subscription is ended. Is there any way I can set custom expiry to cookies and sessions for each user based on their subscription? The default time will be 7 days but users with less than 7 days remaining on their subscription will have the session & cookies expiry date the same as their subscription end date.
r
yes this is possible. You can add another custom claim in the session's access token payload indicating when the subscription is about to end using the createNewSession override. Then post session verification, you can check if the claim indicates that the subscription end date has already passed or not, and if it has, then send back a 401. You will also need to override the refresh function to call the original implementation first and then check the access token payload from the resulting session object. If it indicates that the subscription has gotten over, then call 
session.revokeSession
. An alternative method would be to have a cronjob in your system which would check for each user if their subscription has finished and then if it has, then call the session.revokeAllSessionsForUser function for that user. This will log the user out the next time their session refreshes.
st-bot-test-case
u
Can we override verifySession for this?
r
you can make your own verifySession middleware which is based on our getSession function: https://supertokens.com/docs/session/common-customizations/sessions/session-verification-in-api/get-session#getsession-vs-verifysession
u
I'm using fastify. The verifySession method seems to be different for fastify/
I made my own verify session middleware. I'm using fastify.
Copy code
export const verifySession = (options?: VerifySessionOptions) => {
  return async (req: SessionRequest, reply: FastifyReply) => {
    try {
      if (options?.sessionRequired === false) {
        (req as any).session = await Session.getSession(req, reply, {
          antiCsrfCheck: options?.antiCsrfCheck,
          overrideGlobalClaimValidators: options?.overrideGlobalClaimValidators,
          sessionRequired: false,
        });
      } else {
        (req as any).session = await Session.getSession(req, reply, {
          antiCsrfCheck: options?.antiCsrfCheck,
          overrideGlobalClaimValidators: options?.overrideGlobalClaimValidators,
          sessionRequired: true,
        });

        const payload = req.session?.getAccessTokenPayload();

        const isSubscribed = payload.isSubscribed

        if (!isSubscribed) {
          await req.session?.revokeSession();
          reply.status(401);
        }
      }
    } catch (error) {
      if (SuperTokensError.isErrorFromSuperTokens(error)) {
        switch (error.type) {
          case Session.Error.TRY_REFRESH_TOKEN: {
            reply
              .status(401)
              .send({ message: Session.Error.TRY_REFRESH_TOKEN });

            break;
          }
          case Session.Error.UNAUTHORISED: {
            reply.status(401).send({ message: Session.Error.UNAUTHORISED });

            break;
          }
          case Session.Error.TOKEN_THEFT_DETECTED: {
            req.session?.revokeSession();
            reply
              .status(401)
              .send({ message: Session.Error.TOKEN_THEFT_DETECTED });

            break;
          }
          case Session.Error.INVALID_CLAIMS: {
            reply.status(401).send({ message: Session.Error.INVALID_CLAIMS });

            break;
          }
        }

        reply.status(401).send({ message: error.message });
      } else {
        reply.status(401).send(error);
      }
    }
  };
};
I'm getting following error when fetching the refresh token after the cookie expires.
Copy code
TypeError: res.setHeader is not a function
at appendToServerResponse (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/framework/utils.js:298:9)
at Object.setCookieForServerResponse (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/framework/utils.js:277:12)
at ExpressResponse.setCookie (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/framework/express/framework.js:121:21)
at setCookie (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/recipe/session/cookieAndHeaders.js:103:16)
at Object.attachAccessTokenToCookie (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/recipe/session/cookieAndHeaders.js:26:5)
at Object.<anonymous> (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:212:40)
at Generator.next (<anonymous>)
at fulfilled (/node_modules/.pnpm/supertokens-node@12.1.4/node_modules/supertokens-node/lib/build/recipe/session/recipeImplementation.js:15:36)
at runMicrotasks (<anonymous>)
at processTicksAndRejections (node:internal/process/task_queues:96:5)
I'm using fastify. And this issue doesn't happen if i use the verifySession method provided
r
So this error comes during refreshing a session?
u
Yes, When the cookie expires and calls for the refresh token
How can I override refresh token logic?
20 Views
PreviousNext
Powered by