Skip to main content

Check for Sessions

You can check for sessions by calling the /sessions/whoami endpoint and including the issued cookie or token.

Browser Cookies

To check if the user is signed in, call the /sessions/whoami endpoint. When the user doesn't have a session, you get a 401 Unauthorized response. If the user has a session, you get a 200 OK response and the session payload.

GET https://{your-project-slug-here}.projects.oryapis.com/sessions/whoami
Cookies: ory_session_...=...
# OR
X-Session-Token: {your-session-token}

Code Sample

If you have the session cookie available from another source you can also use the X-Session-Token header:

app.get('/', function (req, res) {
// Cookies that haven't been signed
const cookie = req.cookies['ory_kratos_session']

// Make a request and include the cookie in X-Session-Cookie
fetch(
'https://playground.projects.oryapis.com/api/kratos/public/sessions/whoami',
{
headers: { 'X-Session-Cookie': cookie }
}
)
.then((res) => res.json())
.then((session) => console.log(session))
})

Session Tokens

To check for sessions of API clients, call the /sessions/whoami and include the Ory Kratos Session Token as the Bearer Token in the HTTP Authorization header:

sessionToken={someSessionTokenHere}
curl -s -X POST -H "Accept: application/json" \
-H "Authorization: Bearer $sessionToken" \
# OR: \
# -H "X-Session-Token: $sessionToken" \
https://{your-project-slug-here}.projects.oryapis.com/sessions/whoami | jq
{
"id": "8f660ce3-69ec-4aeb-9fda-f9230dc3243f",
"active": true,
"expires_at": "2020-08-25T13:42:15.7411522Z",
"authenticated_at": "2020-08-24T13:42:15.7411522Z",
"issued_at": "2020-08-24T13:42:15.7412042Z",
"identity": {
"id": "bf32596a-f853-47c4-91e6-a3f41cf4949d",
"schema_id": "default",
"schema_url": "https://playground.projects.oryapis.com/api/kratos/public/schemas/default",
"traits": {
"email": "api@user.org",
"name": {
"last": "User",
"first": "API"
}
},
"verifiable_addresses": [
{
"id": "f877db6c-7dfb-45e3-bbeb-ac8349348128",
"value": "api@user.org",
"verified": false,
"via": "email",
"verified_at": null,
"expires_at": "2020-08-24T14:35:59.125873Z"
}
],
"recovery_addresses": [
{
"id": "065a908c-82be-4110-bf67-9910f36242b7",
"value": "api@user.org",
"via": "email"
}
]
}
}