Skip to main content

Check for sessions

You can check for sessions by calling the /sessions/whoami endpoint and including the issued cookie or token.

Browser cookies

To check if the user is signed in, call the /sessions/whoami endpoint. When the user doesn't have a session, you get a 401 Unauthorized response. If the user has a session, you get a 200 OK response and the session payload.

GET https://{your-project-slug-here}.projects.oryapis.com/sessions/whoami
Cookies: ory_session_...=...
# OR
X-Session-Token: {your-session-token}

Code sample

If you have the session cookie available from another source you can also use the X-Session-Cookie header:

app.get("/", function (req, res) {
  // Cookies that haven't been signed
  const cookie = req.cookies["ory_kratos_session"]

  // Make a request and include the cookie in X-Session-Cookie
  fetch("https://playground.projects.oryapis.com/sessions/whoami", {
    headers: { "X-Session-Cookie": cookie },
  })
    .then((res) => res.json())
    .then((session) => console.log(session))
})

Session tokens

To check for sessions of API clients, call the /sessions/whoami and include the Ory Session Token as the Bearer Token in the HTTP Authorization header:

sessionToken={someSessionTokenHere}
curl -s -X POST -H  "Accept: application/json" \
    -H "Authorization: Bearer $sessionToken" \
    # OR: \
    # -H "X-Session-Token: $sessionToken" \
    https://{your-project-slug-here}.projects.oryapis.com/sessions/whoami | jq
{
  "id": "8f660ce3-69ec-4aeb-9fda-f9230dc3243f",
  "active": true,
  "expires_at": "2020-08-25T13:42:15.7411522Z",
  "authenticated_at": "2020-08-24T13:42:15.7411522Z",
  "issued_at": "2020-08-24T13:42:15.7412042Z",
  "identity": {
    "id": "bf32596a-f853-47c4-91e6-a3f41cf4949d",
    "schema_id": "default",
    "schema_url": "https://playground.projects.oryapis.com/schemas/default",
    "traits": {
      "email": "api@user.org",
      "name": {
        "last": "User",
        "first": "API"
      }
    },
    "verifiable_addresses": [
      {
        "id": "f877db6c-7dfb-45e3-bbeb-ac8349348128",
        "value": "api@user.org",
        "verified": false,
        "via": "email",
        "verified_at": null,
        "expires_at": "2020-08-24T14:35:59.125873Z"
      }
    ],
    "recovery_addresses": [
      {
        "id": "065a908c-82be-4110-bf67-9910f36242b7",
        "value": "api@user.org",
        "via": "email"
      }
    ]
  }
}