Authentication · intermediate

Session

A temporary record that keeps a user logged in as they navigate between pages.

Detailed Explanation

A session is data the server maintains to track that a user is logged in. When you log in, the server creates a session and gives your browser a session ID (usually in a cookie). On each request, your browser sends the session ID back. The server looks it up and knows you are logged in.

Sessions are temporary: they expire after a period of inactivity, usually 24-30 days. They are safer than storing passwords because they contain just an ID, not credentials. The server can invalidate a session (logout) instantly.

Sessions are fundamental to authentication. They let users stay logged in while browsing without re-entering credentials on every request. Understanding sessions is crucial for building secure apps.

In Supabase, sessions are managed through an Access Token (expires in 1 hour) and a Refresh Token (stored in an HTTP-only Cookie, expires in 30 days). You can listen for session changes using onAuthStateChange.

Code Example
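
The lifecycle described above (create on login, look up on each request, expire after inactivity, invalidate on logout), as an added example that is not code from the original page or from Supabase. It assumes Node.js and an in-memory store; SessionStore, sessionCookie, the sid cookie name and the timeout values are hypothetical.

```javascript
// Added example: minimal server-side session store. All names are hypothetical.
const { randomBytes } = require('node:crypto');
const IDLE_TIMEOUT_MS = 30 * 24 * 60 * 60 * 1000; // assumed idle window (30 days)

class SessionStore {
  constructor(idleTimeoutMs = IDLE_TIMEOUT_MS) {
    this.idleTimeoutMs = idleTimeoutMs;
    this.sessions = new Map(); // session ID -> { userId, lastSeen }
  }
  // Called after a successful login: returns the opaque ID to put in the cookie.
  create(userId, now = Date.now()) {
    const id = randomBytes(32).toString('base64url'); // 256 bits from the CSPRNG
    this.sessions.set(id, { userId, lastSeen: now });
    return id;
  }

  // Called on every request with the ID taken from the cookie.
  lookup(id, now = Date.now()) {
    const session = typeof id === 'string' ? this.sessions.get(id) : undefined;
    if (!session) return null; // unknown, malformed or already invalidated
    if (now - session.lastSeen > this.idleTimeoutMs) {
      this.sessions.delete(id); // expired: remove it so it can never be revived
      return null;
    }
    session.lastSeen = now; // activity slides the idle window forward
    return session.userId;
  }

  // Logout: the ID stops working immediately, even if the browser keeps the cookie.
  invalidate(id) {
    return this.sessions.delete(id);
  }
}

// Cookie attributes that keep the ID away from page scripts and plain HTTP.
function sessionCookie(id, maxAgeSeconds) {
  return `sid=${id}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed walk-through with a 1000 ms idle timeout and fixed timestamps.
function demo() {
  const store = new SessionStore(1000);
  const id = store.create('user-42', 0);
  const active = store.lookup(id, 900);   // inside the idle window
  const expired = store.lookup(id, 2000); // 1100 ms since last activity
  const id2 = store.create('user-42', 2000);
  store.invalidate(id2);
  return { active, expired, afterLogout: store.lookup(id2, 2001), idLength: id.length };
}
```

The session ID is the only thing the browser holds, so anyone who obtains it is treated as the user until the server expires or invalidates it; that is why the ID comes from a CSPRNG and the cookie is marked HttpOnly and Secure.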
