Own Session Management
Learn how to use your own session management while using Corbado’s passkey authentication solution.
In the following, we’ll outline the step-by-step implementation of how to connect your own session management with the Corbado session management:
User logs in to your application
The user logs into your application using our UI Components.
Corbado backend creates session-token
Upon successful login, the Corbado Frontend API responds with a session-token.
Request a session from your application
After receiving the Corbado session-token, the user sends a request to your backend including the Corbado session-token either as a cookie or in an authorization header.
Validate the Corbado session-token in your backend
Your backend must verify the Corbado session-token to be authentic. This can be done either by using a dedicated Corbado backend SDK or manually using our JWKS.
Create your own session
After confirming that the Corbado session-token is authentic, so you can create your own session in the backend. Then, send your session to the user.
Store and use your own session
After the user receives your session, he can store it in any way you prefer (e.g. cookie or localstorage). Moving forward, it’s up to you how to handle your own session and what properties it should have.
Was this page helpful?