All your users, when using TalkJS, will be logged in to a session. This is a bit like a login session in your own app, except that users don't directly log in to TalkJS. Instead, you ensure that users can only have a TalkJS session when they have a valid session in your app.

Creating a session is typically the first thing you'll do when using TalkJS from JavaScript:

var me = new Talk.User({
    id: 12345,
    name: "Dennis Vargas"
});
var talkSession = new Talk.Session({
    appId: "YOUR_APP_ID",
    me: me
});

As you can see in the code example above, a session describes a connection between a user, your TalkJS account, and, implicitly, the browser or device the user is currently on.

When to start a session

We recommend that you start a TalkJS session right after the user logs in, on every page - even ones where users can't read or write messages. This way, TalkJS can show desktop notifications and trigger JavaScript events everywhere. This should not impact the performance of your app in any way, because the core chat library is loaded asynchronously and very small.

If your app is a server-side rendered web app, we recommend that you start a session on every page load.

Session lifecycle

A session exists from creation until the user navigates away from the page or closes the tab. There is currently no way to destroy a session other than unloading the page. If your app allows your user to log out without unloading the page, we recommend that you programmatically force a reload or a redirect to destroy the session.

Session security

TalkJS uses a system called Identity Verification to ensure that:

  • The user is who they say they are
  • The user has a valid login session on your app.

This way, a TalkJS Session can only exist when the user is logged into your app, and not otherwise. We strongly recommend that you set this up so that accounts cannot be hijacked.

Read all about identity verification here.

Session data

Field Type Description
me Talk.User

The user currently logged in to your app.

Example: new User({id: 12345, name: "Jeffrey"})

appId string

Your TalkJS app id, as found in the dashboard. Note: you have one appId for testing and development, and one for production. Ensure that you use the correct one.

Example: "hF83jaq"

signature string

The HMAC-SHA256 hash of the current user id, signed with your TalkJS secret key. Required if Identity Verification is enabled.

Example: "65b7788eb354f80b581c0208fb22b1398b248e746a8439865a7b738b012bcef4"

Further reading