Para Swift SDK provides robust session management, automatically tracking authentication states and ensuring secure, seamless interactions. Effective session management is critical for security, usability, and reliability of your application.

โ€‹
Session States

Para manages sessions using the ParaSessionState enum:

  • unknown: Initial state before the status is determined.
  • inactive: SDK initialized but no active session.
  • active: Session is active but user not fully logged in.
  • activeLoggedIn: User is fully logged in with an active session.

โ€‹
Observing Session States

Utilize SwiftUIโ€™s Combine or other state management tools to observe changes:

@StateObject private var paraManager: ParaManager

.onChange(of: paraManager.sessionState) { newState in
  switch newState {
    case .activeLoggedIn:
      print("User authenticated")
    case .inactive:
      print("Session inactive")
    default:
      print("Session state: \(newState)")
  }
}

โ€‹
Session Duration

The Para session length is 2 hours by default, but can be configured to up to 30 days. To configure this parameter, please visit the Configuration section of the Developer Portal. A user signing a message or transaction extends the session by the duration of the session length.

โ€‹
Key Session Methods

  • isSessionActive() async throws -> Bool: Checks if the session is currently valid before performing authenticated operations.
  • isFullyLoggedIn() async throws -> Bool: Checks if the user is fully logged in with an active session.
  • exportSession() async throws -> String: Exports session state as a string that can be used for advanced integration scenarios.
  • logout() async throws: Clears the current session, removes all website data from the WebView, and resets the session state to inactive.

โ€‹
Maintaining Active Sessions

For long-running applications, check session status before performing sensitive operations:

func performSensitiveOperation() {
  Task {
    do {
      if try await paraManager.isSessionActive() {
        // Proceed with sensitive operation
        try await signTransaction(...)
      } else {
        // Handle session expiration - redirect to login
        navigateToLogin()
      }
    } catch {
      await MainActor.run {
        isLoggedIn = false
      }
    }
  }
}

โ€‹
Refreshing Expired Sessions

When a session has expired, Para recommends initiating a full authentication flow rather than trying to refresh the session.

For Swift applications, always call logout() before reinitiating authentication when a session has expired to ensure all stored data is properly cleared.

import ParaSwift

func handleSessionExpiration() async {
  do {
    // When session expires, first clear storage
    try await paraManager.logout()
    
    // Then redirect to authentication screen
    await MainActor.run {
      // Navigate to authentication screen
    }
  } catch {
    // Handle error
  }
}

โ€‹
Background Security

Clear sensitive data when app goes to background by logging out:

class AppDelegate: NSObject, UIApplicationDelegate {
  func applicationDidEnterBackground(_ application: UIApplication) {
    Task {
      try? await paraManager.logout()
    }
  }
}

โ€‹
Exporting Sessions to Your Server

In some advanced scenarios, you may need to export the session state:

func sendSessionToServer() async throws {
  do {
    // Export session without signing capabilities
    let sessionString = try await paraManager.exportSession()
    
    // Create URL request
    var request = URLRequest(url: URL(string: "https://your-api.com/sessions")!)
    request.httpMethod = "POST"
    request.addValue("application/json", forHTTPHeaderField: "Content-Type")
    
    // Create request body
    let body: [String: Any] = ["session": sessionString]
    request.httpBody = try JSONSerialization.data(withJSONObject: body)
    
    // Send request
    let (_, response) = try await URLSession.shared.data(for: request)
    
    guard let httpResponse = response as? HTTPURLResponse, 
          httpResponse.statusCode == 200 else {
      throw URLError(.badServerResponse)
    }
    
    // Handle success
  } catch {
    // Handle error
    throw error
  }
}

โ€‹
Best Practices

โ€‹
Check Sessions on App Launch

Verify session status when your app starts to determine if users need to reauthenticate:

import SwiftUI
import ParaSwift

class AppStartupManager: ObservableObject {
  @Published var isLoggedIn = false
  let paraManager: ParaManager
  
  init(paraManager: ParaManager) {
    self.paraManager = paraManager
    checkSessionOnLaunch()
  }
  
  func checkSessionOnLaunch() {
    Task {
      do {
        let isActive = try await paraManager.isSessionActive()
        await MainActor.run {
          if isActive {
            // User is logged in
            isLoggedIn = true
          } else {
            // Session not active, clear any lingering data
            Task {
              try? await paraManager.logout()
            }
            isLoggedIn = false
          }
        }
      } catch {
        await MainActor.run {
          isLoggedIn = false
        }
      }
    }
  }
}

โ€‹
Handle App Lifecycle Changes

Swift apps can be backgrounded and foregrounded, which may affect session status:

import SwiftUI
import ParaSwift

class LifecycleManager: ObservableObject {
  let paraManager: ParaManager
  
  init(paraManager: ParaManager) {
    self.paraManager = paraManager
    
    // Register for foreground notifications
    NotificationCenter.default.addObserver(
      self,
      selector: #selector(appMovedToForeground),
      name: UIApplication.willEnterForegroundNotification,
      object: nil
    )
  }
  
  @objc func appMovedToForeground() {
    // App came to foreground, check session
    checkSession()
  }
  
  func checkSession() {
    Task {
      let isActive = try? await paraManager.isSessionActive()
      if isActive != true {
        try? await paraManager.logout()
        await MainActor.run {
          // Navigate to login screen
        }
      }
    }
  }
  
  deinit {
    NotificationCenter.default.removeObserver(self)
  }
}

โ€‹
Next Steps

Explore more advanced features and integrations with Para in Swift:

Social Login

Learn how to implement social login in Swift

External Wallets

Connect to external wallets like MetaMask in your Swift app

Para Swift SDK provides robust session management, automatically tracking authentication states and ensuring secure, seamless interactions. Effective session management is critical for security, usability, and reliability of your application.

โ€‹
Session States

Para manages sessions using the ParaSessionState enum:

  • unknown: Initial state before the status is determined.
  • inactive: SDK initialized but no active session.
  • active: Session is active but user not fully logged in.
  • activeLoggedIn: User is fully logged in with an active session.

โ€‹
Observing Session States

Utilize SwiftUIโ€™s Combine or other state management tools to observe changes:

@StateObject private var paraManager: ParaManager

.onChange(of: paraManager.sessionState) { newState in
  switch newState {
    case .activeLoggedIn:
      print("User authenticated")
    case .inactive:
      print("Session inactive")
    default:
      print("Session state: \(newState)")
  }
}

โ€‹
Session Duration

The Para session length is 2 hours by default, but can be configured to up to 30 days. To configure this parameter, please visit the Configuration section of the Developer Portal. A user signing a message or transaction extends the session by the duration of the session length.

โ€‹
Key Session Methods

  • isSessionActive() async throws -> Bool: Checks if the session is currently valid before performing authenticated operations.
  • isFullyLoggedIn() async throws -> Bool: Checks if the user is fully logged in with an active session.
  • exportSession() async throws -> String: Exports session state as a string that can be used for advanced integration scenarios.
  • logout() async throws: Clears the current session, removes all website data from the WebView, and resets the session state to inactive.

โ€‹
Maintaining Active Sessions

For long-running applications, check session status before performing sensitive operations:

func performSensitiveOperation() {
  Task {
    do {
      if try await paraManager.isSessionActive() {
        // Proceed with sensitive operation
        try await signTransaction(...)
      } else {
        // Handle session expiration - redirect to login
        navigateToLogin()
      }
    } catch {
      await MainActor.run {
        isLoggedIn = false
      }
    }
  }
}

โ€‹
Refreshing Expired Sessions

When a session has expired, Para recommends initiating a full authentication flow rather than trying to refresh the session.

For Swift applications, always call logout() before reinitiating authentication when a session has expired to ensure all stored data is properly cleared.

import ParaSwift

func handleSessionExpiration() async {
  do {
    // When session expires, first clear storage
    try await paraManager.logout()
    
    // Then redirect to authentication screen
    await MainActor.run {
      // Navigate to authentication screen
    }
  } catch {
    // Handle error
  }
}

โ€‹
Background Security

Clear sensitive data when app goes to background by logging out:

class AppDelegate: NSObject, UIApplicationDelegate {
  func applicationDidEnterBackground(_ application: UIApplication) {
    Task {
      try? await paraManager.logout()
    }
  }
}

โ€‹
Exporting Sessions to Your Server

In some advanced scenarios, you may need to export the session state:

func sendSessionToServer() async throws {
  do {
    // Export session without signing capabilities
    let sessionString = try await paraManager.exportSession()
    
    // Create URL request
    var request = URLRequest(url: URL(string: "https://your-api.com/sessions")!)
    request.httpMethod = "POST"
    request.addValue("application/json", forHTTPHeaderField: "Content-Type")
    
    // Create request body
    let body: [String: Any] = ["session": sessionString]
    request.httpBody = try JSONSerialization.data(withJSONObject: body)
    
    // Send request
    let (_, response) = try await URLSession.shared.data(for: request)
    
    guard let httpResponse = response as? HTTPURLResponse, 
          httpResponse.statusCode == 200 else {
      throw URLError(.badServerResponse)
    }
    
    // Handle success
  } catch {
    // Handle error
    throw error
  }
}

โ€‹
Best Practices

โ€‹
Check Sessions on App Launch

Verify session status when your app starts to determine if users need to reauthenticate:

import SwiftUI
import ParaSwift

class AppStartupManager: ObservableObject {
  @Published var isLoggedIn = false
  let paraManager: ParaManager
  
  init(paraManager: ParaManager) {
    self.paraManager = paraManager
    checkSessionOnLaunch()
  }
  
  func checkSessionOnLaunch() {
    Task {
      do {
        let isActive = try await paraManager.isSessionActive()
        await MainActor.run {
          if isActive {
            // User is logged in
            isLoggedIn = true
          } else {
            // Session not active, clear any lingering data
            Task {
              try? await paraManager.logout()
            }
            isLoggedIn = false
          }
        }
      } catch {
        await MainActor.run {
          isLoggedIn = false
        }
      }
    }
  }
}

โ€‹
Handle App Lifecycle Changes

Swift apps can be backgrounded and foregrounded, which may affect session status:

import SwiftUI
import ParaSwift

class LifecycleManager: ObservableObject {
  let paraManager: ParaManager
  
  init(paraManager: ParaManager) {
    self.paraManager = paraManager
    
    // Register for foreground notifications
    NotificationCenter.default.addObserver(
      self,
      selector: #selector(appMovedToForeground),
      name: UIApplication.willEnterForegroundNotification,
      object: nil
    )
  }
  
  @objc func appMovedToForeground() {
    // App came to foreground, check session
    checkSession()
  }
  
  func checkSession() {
    Task {
      let isActive = try? await paraManager.isSessionActive()
      if isActive != true {
        try? await paraManager.logout()
        await MainActor.run {
          // Navigate to login screen
        }
      }
    }
  }
  
  deinit {
    NotificationCenter.default.removeObserver(self)
  }
}

โ€‹
Next Steps

Explore more advanced features and integrations with Para in Swift:

Social Login

Learn how to implement social login in Swift

External Wallets

Connect to external wallets like MetaMask in your Swift app