hey @User ! You can save any user info "within" the session itself. So you don't have to manually manage storing of that. There are two kinds of storage:
- In the access token (JWT payload): This is perfect for information like user's roles. The info here will be accessible on the frontend and on the backend (can be fetched without a db call).
- In the db: This is what we call "session data". This info is stored in the db against the session for that user. Here you can set any sensitive information which you do not want the frontend to be able to access, but would still like to associate with that user's session.
More info about this can be found here: https://supertokens.io/recipe-redirect?to=/common-customizations/sessions/new-session
And also please do see the subsequent pages on how to read / edit this info.