SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

So the session works via an access and a refresh token. If the access token has expired, but the refresh token still exists, then `getSession` will throw this error. You should then send a 401 to the frontend which will then (via our SDK) try and call the refresh API automatically. 

Once a refresh is successful, the new access token is sent back to this API and this time, `getSession` should succeed.