Hello dear friends, I want to implement supertoke...
# support-questions
p
Hello dear friends, I want to implement supertokens in my Next JS application (Passwordless with EMail). I have the following questions:
- To check if a user is authenticated in Server Side Rendering, we use the function: getSession(). Does this function execute an internal API CALL or does it call a module function without HTTP request?
- Are the user sessions stored in the database? Or does supertokens use JWT tokens?
- Compared to NEXT AUTH, is supertokens more efficient?
r
hey @Pants
p
Hello rp 🙂
r
> To check if a user is authenticated in Server Side Rendering, we use the function: getSession(). Does this function execute an internal API CALL or does it call a module function without HTTP request?

It does stateless verification of the session. Sometimes, it has to talk to the supertokens core, so it contacts it via HTTP.

> Are the user sessions stored in the database? Or does supertokens use JWT tokens?

The access token is a signed cookie, so it's not stored in the db. But the refresh token's hash is stored in the DB.

> Compared to NEXT AUTH, is supertokens more efficient?

On the backend, SuperTokens does session verification in a stateless way, so no IO calls and hence it's very efficient and quick. On the frontend, SuperTokens stores "proxy tokens" (non sensitive tokens) in frontend set cookies which tells the frontend if a session exists or not. So even for protected routes on the frontend, it doesn't need to do any API call. I believe that with NextAuth, it requires an API call on the frontend each time a protected route is loaded (to check if a session exists). Therefore, I would say that SuperTokens is more efficient (but please do correct me if I am wrong here about NextAuth).
p
Since it's stateless, then how can I revoke a session? What data is stored in the database? According to the documentation many tables are created? Why, since we are using a stateless architecture?
For self hosted architecture, do I need a separate database? Server?
Or can I use my next js (full stack) server?
My database is of course hosted on a separate server and connected to next js via VPN
r
Some of your session related questions can be answered if you read this blog: https://supertokens.com/blog/the-best-way-to-securely-manage-user-sessions
p
Reading them 🙂
thank you
r
> What data is stored in the database? According to the documentation many tables are created? why since we are using a stateless architecture

One table is to store the session's refresh token info. The access token is stateless, but the refresh tokens are not. Other tables are for login related info (email password, social, passwordless login + email verification, password reset tokens etc).

> For self hosted architecture, do I need a separate database?

Yes.

> Server?

You have to run your nextjs app as usual + run the supertokens core (which is a microservice), connected to your db. If you use our managed version, we run the core for you.