Authentication | intermediate

Session

A temporary record that keeps a user logged in as they navigate between pages.

Detailed Explanation

A session is data the server maintains to track that a user is logged in. When you log in, the server creates a session and gives your browser a session ID (usually in a cookie). On each request, your browser sends the session ID back. The server looks it up and knows you are logged in.

Sessions are temporary—they expire after inactivity, usually 24-30 days. They are safer than storing passwords because they contain just an ID, not credentials. The server can invalidate sessions (logout) instantly.

Sessions are fundamental to authentication. They let users stay logged in while browsing without re-entering credentials on every request. Understanding sessions is crucial for building secure apps.

In Supabase, sessions are managed through an Access Token (expires in 1 hour) and a Refresh Token (stored in an HTTP-only Cookie, expires in 30 days). You can listen for session changes using onAuthStateChange.

Code Example
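
The sketch below is an added example, not code from the original page or from Supabase. It shows the generic server-side mechanism described above: create a session at login, look it up on each request, expire it after inactivity, and invalidate it at logout. The names SessionStore, sid and readSessionId, and the timeout passed in, are assumptions made for illustration.

```javascript
// Added example: names (SessionStore, sid, readSessionId) are illustrative.
const { randomBytes, createHash } = require('node:crypto');

class SessionStore {
  constructor(idleTimeoutMs, now = () => Date.now()) {
    this.idleTimeoutMs = idleTimeoutMs; // assumption: caller picks the idle timeout
    this.now = now;                     // injectable clock so expiry can be tested
    this.sessions = new Map();          // sha256(session ID) -> { userId, lastSeen }
  }
  // Store only a hash, so a leaked copy of the store does not reveal usable IDs.
  static key(sessionId) {
    return createHash('sha256').update(String(sessionId)).digest('hex');
  }
  // Login: create the record and return the random ID the browser will hold.
  create(userId) {
    const sessionId = randomBytes(32).toString('hex');
    this.sessions.set(SessionStore.key(sessionId), { userId, lastSeen: this.now() });
    return sessionId;
  }
  // Every request: look the ID up; unknown or idle-expired sessions are rejected.
  lookup(sessionId) {
    const k = SessionStore.key(sessionId);
    const s = this.sessions.get(k);
    if (!s) return null;
    if (this.now() - s.lastSeen > this.idleTimeoutMs) {
      this.sessions.delete(k);
      return null;
    }
    s.lastSeen = this.now(); // activity resets the inactivity timer
    return s.userId;
  }
  // Logout: deleting the record invalidates the session immediately.
  invalidate(sessionId) {
    return this.sessions.delete(SessionStore.key(sessionId));
  }
}

// Set-Cookie value: HttpOnly hides the ID from page scripts, Secure keeps it on HTTPS.
function sessionCookie(sessionId) {
  return `sid=${sessionId}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Extract the session ID from a request's Cookie header.
function readSessionId(cookieHeader) {
  for (const part of String(cookieHeader || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name === 'sid') return rest.join('=');
  }
  return null;
}
```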

