Sessions
Two strategies: cookies (default) and JWT.
Cookie strategy
from nexfetch_auth.core.config import SessionConfig
session=SessionConfig(strategy="cookie")
Sessions are HTTP-only cookies. Standard for browser apps.
JWT strategy
session=SessionConfig(strategy="jwt", jwt_secret="separate-jwt-secret")
Sessions are returned as JWTs in the response body. Send the token in an Authorization: Bearer <token> header. Ideal for SPAs and mobile apps.
Endpoints
| Endpoint | Description |
|---|---|
| GET /get-session | Current session and user |
| GET /list-sessions | All active sessions for user |
| POST /revoke-session | Revoke a specific session |
| POST /revoke-other-sessions | Revoke all except current |
| POST /refresh-token | Issue a new session token |
| POST /sign-out | Revoke current session |