https://supertokens.com/ logo
session questions
v

vigneshkumar

04/17/2023, 6:09 AM
Hi, I've questions regarding the tokens that are generated from the core and how it get's verified during each and every request from the frontend SDKs. 1. Does supertoken core is responsible for creating access and refresh tokens and provide it to backend sdk? 2. does backend sdk stores these tokens for further verification of sessions? If so, Where does it store the tokens? 3. What are the main essential functionalities of supertokens-core? 4. Does the DB has only the session id or it stores all the tokens are getting generated?
r

rp

04/17/2023, 6:12 AM
1. yes 2. the tokens are not stored in the backend SDK. They are simply attached to the response as cookies and the frontend stores them. The backend SDK only stores the public keys in memory to verify the access token. 3. To interact with the database, validate credentials, create / revoke tokens etc. 4. For session, it stores the session handle, and hashes of refresh token. Not the access token.
v

vigneshkumar

04/17/2023, 6:16 AM
> the tokens are not stored in the backend SDK. They are simply attached to the response as cookies and the frontend stores them. The backend SDK only stores the public keys in memory to verify the access token. So the verification of tokens doesn't involve any db calls right? What exactly is the public keys here?
r

rp

04/17/2023, 6:16 AM
yea.. no db calls
the public key is the key used to verify the tokens
v

vigneshkumar

04/17/2023, 6:32 AM
so is the public key is only cached in the backend sdk and not the db right? and once the user is authenticated, there is no db calls is made further for verifications of tokens or other things?