This message was deleted.

Hi @prehistoric-minister-50673 It's doing an HTTP request through axios to our REST APIs https://www.ory.sh/docs/reference/api#tag/frontend

Thanks! Yeah, after reading through the doc a few times it looks like every request to my server should verify the session against the

/sessions

API. In other words the cookie can't be verified like a JWT and has to be verified with Ory's servers every time? (unless of course I use Hydra I think to get a JWT) Similar to if I were to store session tokens in my database and verify every request against that.

Hey Sach, haha thanks 😄 you can convert your Ory cookie session to a JWT session here to reduce calls to the

/sessions/whoami

endpoint. https://www.ory.sh/docs/identities/session-to-jwt-cors Another trick is to reduce the calls by checking on your server if there even is an ory cookie set. if not, just deny the request immediately without calling the Ory API

@proud-plumber-24205 is there a plan to have a webhooks when sessions are being created or revoked ? The after_login hook do no have any information about the session. My goal was to have a copy of the sessions in the application database. I'm building opensource adapters for some frameworks (Ruby and Elixir based). Currently my POC work when i have access to the session table in selfhosted kratos. But will not work on orycloud.

Hi @full-dog-93838 I don't think we have such a plan atm. Would you mind opening an issue on this in the Kratos repository? You could also get all of the user session data through the user ID with the Admin API. https://www.ory.sh/docs/kratos/session-management/list-revoke-get-sessions#listing-all-sessions-of-a-user