SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

How do the `supertokens-node`  `verifySession` and `Session.getSession` functions behave in case the session is expired? Do they check this? or will they return `null`/`undefined` in such an  scenario?

the verifySession will send a 401 to the frontend and clear the cookies

What will be done in case a new token could be generated via the refresh token? Wouldnt there clearing the cookies be too agressive?

For session.getSession I know an error with  `Session.Error.TRY_REFRESH_TOKEN`  is thrown 🤔

oh right. In that case, verifySession will still return a 401, but it won't clear the other tokens. So the frontend will still try and refresh

But in case I am doing a request using fetch() to some Next.js API route that uses verifySession and returns a 401, is till need to manually initiate the refresh token creation, I guess?

nope. As long as you have done session.init before, then our frontend SDK will automatically try and refresh