Session Management
Manage client sessions in server-side environments with Para Server SDK
Para’s Server SDK enables you to import and manage client-side sessions within your server environment. This allows your server to perform authenticated blockchain operations on behalf of users without requiring them to re-authenticate. The server can also validate existing client sessions using either the Para client or dedicated verification endpoints.
Importing Client Sessions
To use a client session on your server, you need to:
- Export the session from the client-side Para instance
- Transfer the session to your server securely
- Import the session into your server-side Para instance
Client-Side Session Export
First, have your client-side application export the active session:
If signing on the server isn’t required, you can pass { excludeSigners: true } as an argument to exportSession to remove the signer data from the exported wallets, enhancing security:
Server-Side Session Import
On your server, import the session into a Para Server SDK instance:
Create a new Para client instance for each request when handling multiple users. This prevents session conflicts between different users’ requests and ensures security isolation.
Session Validation
You can validate sessions on the server side to ensure they’re still active before performing operations.
Using the Para Client
Using Verification Tokens
For non-Node.js servers or scenarios where you only need to validate a session without importing it, Para provides dedicated verification endpoints:
On your server, verify the token against Para’s API:
The verification endpoints are environment-specific:
Environment | Verification URL |
---|---|
SANDBOX | https://api.sandbox.getpara.com/sessions/verify |
BETA | https://api.beta.getpara.com/sessions/verify |
PROD | https://api.getpara.com/sessions/verify |
The verification response will contain the authentication type and identifier:
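One way to call the verification endpoint from any server and fail closed, as an added example that is not Para's own code. The `x-external-api-key` header, the `verificationToken` body field and the `authType` / `identifier` response field names are assumptions to confirm against Para's API reference; `fetchImpl` is a hypothetical injection point so the logic can run offline.

```javascript
// Verification URLs exactly as listed in the table above.
const VERIFY_URLS = Object.freeze({
  SANDBOX: "https://api.sandbox.getpara.com/sessions/verify",
  BETA: "https://api.beta.getpara.com/sessions/verify",
  PROD: "https://api.getpara.com/sessions/verify",
});

// Build the outgoing request. Header and body field names are ASSUMPTIONS
// (not stated on this page); confirm them in Para's API reference.
function buildVerifyRequest(env, verificationToken, apiKey) {
  // Own-property check so names like "constructor" are rejected too.
  if (!Object.prototype.hasOwnProperty.call(VERIFY_URLS, env)) {
    throw new Error(`unknown environment: ${env}`);
  }
  if (typeof verificationToken !== "string" || verificationToken.length === 0) {
    throw new Error("missing verification token");
  }
  if (!apiKey) throw new Error("missing API key");
  return {
    url: VERIFY_URLS[env],
    init: {
      method: "POST",
      headers: { "content-type": "application/json", "x-external-api-key": apiKey },
      body: JSON.stringify({ verificationToken }),
    },
  };
}

// Fail closed: only a 2xx response carrying both expected fields is valid.
// authType / identifier are ASSUMED names for the "authentication type and
// identifier" the page says the response contains.
function parseVerifyResponse(status, body) {
  if (status < 200 || status > 299) return { valid: false, reason: `http_${status}` };
  if (!body || typeof body.authType !== "string" || typeof body.identifier !== "string") {
    return { valid: false, reason: "malformed_response" };
  }
  return { valid: true, authType: body.authType, identifier: body.identifier };
}

// Network errors and timeouts are treated as "not verified", never as success.
async function verifySession(env, token, apiKey, fetchImpl = fetch) {
  const { url, init } = buildVerifyRequest(env, token, apiKey);
  try {
    const res = await fetchImpl(url, { ...init, signal: AbortSignal.timeout(5000) });
    const body = await res.json().catch(() => null);
    return parseVerifyResponse(res.status, body);
  } catch (err) {
    return { valid: false, reason: "network_error" };
  }
}
```

Keep the API key in server-side configuration only, and treat every `valid: false` result as a reason to have the user re-authenticate.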
Session Management
Maintaining Session Validity
To extend the validity of an imported session, you can use the keepSessionAlive method:
You can configure session duration (up to 30 days) in the Para Developer Portal. This affects how long sessions remain valid without explicit extension.
Best Practices
- Create new Para instances per request: Initialize a fresh Para Server SDK instance for each request to prevent session conflicts between users.
- Secure session transport: Always use HTTPS and consider additional encryption when transferring sessions between client and server.
- Exclude signers when possible: Use { excludeSigners: true } when exporting sessions if server-side signing isn’t needed.
- Validate before operations: Always check if a session is active before performing blockchain operations.
- Handle expiration gracefully: Implement proper error handling for expired sessions, guiding users to re-authenticate when necessary.
- Consider session verification tokens: For simple authentication checks without full session import, use verification tokens.
- Set appropriate session duration: Configure session length in the developer portal based on your security requirements.
Learn More
For more information about client-side session management and authentication, refer to our web documentation:
Examples
To learn more about using sessions on the server, check out this example. Each example route has both pregen and session-based variants for you to test with.