After authenticating and storing the encrypted session as a cookie, retrieving and decrypting the session is made easy via the session helper methods.
Load the session by providing the sealed session and the cookie password.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789', { clientId: 'client_123456789', }); const session = await workos.userManagement.loadSealedSession({ sessionData: 'sealed_session_cookie_data', cookiePassword: 'password_previously_used_to_seal_session_cookie', });
require "workos" WorkOS.configure do |config| config.key = "sk_example_123456789" end session = WorkOS::UserManagement.load_sealed_session( client_id: "client_123456789", session_data: "sealed_session_cookie_data", cookie_password: "password_previously_used_to_seal_session_cookie" )
from workos import WorkOSClient workos = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") session = workos.user_management.load_sealed_session( sealed_session="sealed_session_cookie_data", cookie_password="password_previously_used_to_seal_session_cookie", )
userManagementParameters objectReturns objectUnseals the session data and checks if the session is still valid.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789', { clientId: 'client_123456789', }); const session = await workos.userManagement.loadSealedSession({ sessionData: 'sealed_session_cookie_data', cookiePassword: 'password_previously_used_to_seal_session_cookie', }); const authResponse = await session.authenticate(); if (authResponse.authenticated) { // User is authenticated and session data can be used const { sessionId, organizationId, role, permissions, user } = authResponse; } else { if (authResponse.reason === 'no_session_cookie_provided') { // Redirect the user to the login page } }
require "workos" WorkOS.configure do |config| config.key = "sk_example_123456789" end session = WorkOS::UserManagement.load_sealed_session( client_id: "client_123456789", session_data: "sealed_session_cookie_data", cookie_password: "password_previously_used_to_seal_session_cookie" ) result = session.authenticate if result[:authenticated] # User is authenticated and session data can be used puts result[:user] elsif reason == "NO_SESSION_COOKIE_PROVIDED" # Redirect the user to the login page end
from workos import WorkOSClient workos = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") session = workos.user_management.load_sealed_session( sealed_session="sealed_session_cookie_data", cookie_password="password_previously_used_to_seal_session_cookie", ) auth_result = session.authenticate() if auth_result.authenticated: # User is authenticated and session data can be used print(auth_result.user) elif auth_result.reason == "no_session_cookie_provided": # Redirect the user to the login page pass
sessionReturns objectRefreshes the user’s session with the refresh token. Passing in a new organization ID will switch the user to that organization.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789', { clientId: 'client_123456789', }); const session = await workos.userManagement.loadSealedSession({ sessionData: 'sealed_session_cookie_data', cookiePassword: 'password_previously_used_to_seal_session_cookie', }); const refreshResult = await session.refresh(); if (!refreshResult.authenticated) { // Redirect the user to the login page } const { session: userSession, sealedSession, user, organizationId, role, permissions, entitlements, impersonator, } = refreshResult; // Use claims and userSession for further business logic // Set the sealedSession in a cookie
require "workos" WorkOS.configure do |config| config.key = "sk_example_123456789" end session = WorkOS::UserManagement.load_sealed_session( client_id: "client_123456789", session_data: "sealed_session_cookie_data", cookie_password: "password_previously_used_to_seal_session_cookie" ) result = session.refresh authenticated = result[:authenticated] sealed_session = result[:sealed_session] user_session = result[:session] if !authenticated # Redirect the user to the login page end # Use new_session for further business logic # Store the sealed_session in a cookie
from workos import WorkOSClient workos = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") session = workos.user_management.load_sealed_session( sealed_session="sealed_session_cookie_data", cookie_password="password_previously_used_to_seal_session_cookie", ) result = session.refresh() if not result.authenticated: # Redirect the user to the login page pass user_session = result.session sealed_session = result.sealed_session # Use user_session for further business logic # Store the sealed_session in a cookie
sessionParameters objectReturns RefreshSessionResponseEnd a user’s session. The user’s browser should be redirected to this URL. Functionally similar to Get logout URL but extracts the session ID automatically from the session data.
import { WorkOS } from '@workos-inc/node'; const workos = new WorkOS('sk_example_123456789', { clientId: 'client_123456789', }); const session = await workos.userManagement.loadSealedSession({ sessionData: 'sealed_session_cookie_data', cookiePassword: 'password_previously_used_to_seal_session_cookie', }); const logOutUrl = await session.getLogOutUrl(); // Redirect the user to the log out URL
require "workos" WorkOS.configure do |config| config.key = "sk_example_123456789" end session = WorkOS::UserManagement.load_sealed_session( client_id: "client_123456789", session_data: "sealed_session_cookie_data", cookie_password: "password_previously_used_to_seal_session_cookie" ) url = session.get_logout_url # Redirect the user to the log out URL
from workos import WorkOSClient workos = WorkOSClient(api_key="sk_example_123456789", client_id="client_123456789") session = workos.user_management.load_sealed_session( sealed_session="sealed_session_cookie_data", cookie_password="password_previously_used_to_seal_session_cookie", ) url = session.get_logout_url() # Redirect the user to the log out URL
sessionReturns