
Session Interface

The Session interface represents an active user session in Arraf Auth. Sessions are created when users sign in and are used to maintain authentication state.
id (string, required): Unique identifier for the session.
userId (string, required): The ID of the user this session belongs to. References User.id.
token (string, required): The session token used for authentication. This is the value stored in cookies or passed in Authorization headers.
expiresAt (Date, required): Timestamp when the session expires. After this time, the session is no longer valid.
ipAddress (string): The IP address from which the session was created. Useful for security auditing.
userAgent (string): The user agent (browser/device information) from which the session was created.
createdAt (Date, required): Timestamp when the session was created.

Usage Example

import { Session } from "arraf-auth"

// Create a new session
const session: Session = await auth.createSession({
  userId: "user_123",
  token: "session_token_abc",
  expiresAt: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000), // 30 days
  ipAddress: "192.168.1.1",
  userAgent: "Mozilla/5.0..."
})

// Verify and get session
const activeSession = await auth.getSession("session_token_abc")

if (activeSession && activeSession.expiresAt > new Date()) {
  console.log("Session is valid")
  console.log("User ID:", activeSession.userId)
}

// Delete session (sign out)
await auth.deleteSession(session.token)

Session tokens should be treated as sensitive credentials. Store them securely in httpOnly cookies or secure storage.

The session expiration time is configured in the AuthConfig.session.expiresIn setting. Sessions can use either database or JWT strategy depending on your configuration.
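
The following is an added example, not code from Arraf Auth: it shows one way to act on the two notes above by deriving an httpOnly cookie whose lifetime never outlives expiresAt, and by masking the token before a session is written to an audit log. The Session interface is re-declared locally, and the cookie name, the Path and SameSite values, and all helper names are assumptions.

```typescript
// Local mirror of the Session fields documented above (not imported from arraf-auth).
// ipAddress/userAgent carry no "required" marker on the page, so they are optional here.
interface Session {
  id: string
  userId: string
  token: string
  expiresAt: Date
  ipAddress?: string
  userAgent?: string
  createdAt: Date
}

// Assumed cookie name and attributes; adjust to your application.
const COOKIE_NAME = "session"
const COOKIE_FLAGS = "Path=/; HttpOnly; Secure; SameSite=Lax"

// Usable only strictly before expiresAt; a missing session or invalid date is inactive.
function isSessionActive(session: Session | null, now: Date = new Date()): boolean {
  return session !== null && session.expiresAt.getTime() > now.getTime()
}

// Set-Cookie value that removes the token from the browser (sign-out, expiry).
function clearSessionCookie(): string {
  return `${COOKIE_NAME}=; Max-Age=0; ${COOKIE_FLAGS}`
}

// Set-Cookie value for an active session. Max-Age is the time left until
// expiresAt, so the browser drops the cookie when the server-side session ends.
function sessionCookie(session: Session, now: Date = new Date()): string {
  if (!isSessionActive(session, now)) return clearSessionCookie()
  const maxAge = Math.floor((session.expiresAt.getTime() - now.getTime()) / 1000)
  return `${COOKIE_NAME}=${encodeURIComponent(session.token)}; Max-Age=${maxAge}; ${COOKIE_FLAGS}`
}

// Copy for audit logging: keeps ipAddress/userAgent, never the credential itself.
function redactSession(session: Session): Session {
  return { ...session, token: "[redacted]" }
}

// Constructed sample data (not real identifiers or tokens).
const created = new Date("2024-01-01T00:00:00Z")
const sampleSession: Session = {
  id: "sess_1", userId: "user_123", token: "tok_constructed_example",
  createdAt: created,
  expiresAt: new Date(created.getTime() + 30 * 24 * 60 * 60 * 1000), // 30 days
  ipAddress: "192.0.2.10", userAgent: "ExampleBrowser/1.0",
}
console.log(sessionCookie(sampleSession, new Date("2024-01-02T00:00:00Z")))
console.log(redactSession(sampleSession))
```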
