Learn how to check session status, maintain active sessions, and handle session expiration in Para web applications.

Checking Session Status

Use isSessionActive() to verify whether a user’s session is currently valid before performing authenticated operations. Example usage: 
const para = new Para(apiKey);

try {
  const isActive = await para.isSessionActive();
  if (!isActive) {
    // Handle expired session
    // See options below for session refresh
  }
} catch (error) {
  console.error("Session check failed:", error);
}

Maintaining Active Sessions

Use keepSessionAlive() to extend an active session’s validity without requiring full reauthentication. Example usage: 
const para = new Para(apiKey);

try {
  const success = await para.keepSessionAlive();
  if (!success) {
    // Handle failed session maintenance
    // Consider initiating a full authentication flow
  }
} catch (error) {
  console.error("Session maintenance failed:", error);
}

Automatic Session Management with React

If you’re using the React SDK and the ParaProvider component, you can leverage automatic session management: 
// The ParaProvider will automatically keep sessions alive by default
<ParaProvider>
  <YourApp />
</ParaProvider>

// To disable automatic session management
<ParaProvider config={paraConfig} disableAutoSessionKeepAlive={true}>
  <YourApp />
</ParaProvider>
When using the ParaProvider component from the React SDK, it automatically keeps sessions alive in the background by calling keepSessionAlive() periodically. You can disable this behavior by setting the disableAutoSessionKeepAlive prop to true if you prefer to manage sessions manually.

Refreshing Expired Sessions

Para provides the refreshSession() method when a session has expired.
It’s currently recommended to initiate a full authentication flow rather than using refreshSession() when sessions expire. The refresh flow is being improved in upcoming releases.
For most applications, when a session expires, it’s better to guide users through a complete authentication process: 
const para = new Para(apiKey);

// When session expires, initiate a full authentication
if (!(await para.isSessionActive())) {
  //route to authentication page
}

Best Practices

  • Proactive Session Management: Always check session status before operations that require authentication
  • Regular Session Extension: For long user sessions, periodically call keepSessionAlive() or leverage the ParaProvider automatic session management
  • Graceful Expiration Handling: Provide a smooth re-authentication flow when sessions expire instead of showing errors