Sessions

All your users, when using TalkJS, will be logged in to a session. This is a bit like a login session in your own app, except that users don't directly log in to TalkJS. Instead, you ensure that users can only have a TalkJS session when they have a valid session in your app.

Creating a session is typically the first thing you'll do when using TalkJS from JavaScript:

1const me = new Talk.User({
2 id: 12345,
3 name: 'Dennis Vargas',
4});
5const session = new Talk.Session({
6 appId: 'YOUR_APP_ID',
7 me: me,
8});

As you can see in the code example above, a session describes a connection between a user, your TalkJS account, and, implicitly, the browser or device the user is currently on.

When to start a session

We recommend that you start a TalkJS session right after the user logs in, on every page - even ones where users can't read or write messages. This way, TalkJS can show desktop notifications and trigger JavaScript events everywhere. This should not impact the performance of your app in any way because the core chat library is loaded asynchronously and very small.

If your app is a server-side rendered web app, we recommend that you start a session on every page load.

Session lifecycle

A session exists from creation until the user navigates away from the page or closes the tab.

If your app allows your user to log out without unloading the page, we recommend that you destroy the session using the session's destroy method.

Session security

TalkJS uses a system called Identity Verification to ensure that:

  • The user is who they say they are
  • The user has a valid login session on your app.

This way, a TalkJS Session can only exist when the user is logged into your app, and not otherwise. We strongly recommend that you set this up so that accounts cannot be hijacked.

Read all about identity verification here.

Session data

FieldTypeDescriptionExample
me
Talk.UserThe user currently logged in to your app.new User({id: 12345, name: "Jeffrey"})
appId
stringYour TalkJS app ID, as found on the Settings page of your dashboard. Note: you have one appId for testing and development, and one for production. Ensure that you use the correct one."hF83jaq"
signature
stringThe HMAC-SHA256 hash of the current user id, signed with your TalkJS secret key. Required if Identity Verification is enabled."65b7788eb354f80b581c0208fb22b1398b248e746a8439865a7b738b012bcef4"

Further reading