All your users, when using TalkJS, will be logged in to a session. This is a bit like a login session in your own app, except that users don't directly log in to TalkJS. Instead, you ensure that users can only have a TalkJS session when they have a valid session in your app.

Creating a session is typically the first thing you'll do when using TalkJS from JavaScript:

1const me = new Talk.User({
2 id: 12345,
3 name: 'Dennis Vargas',
5const session = new Talk.Session({
6 appId: '<APP_ID>',
7 me: me,

As you can see in the code example above, a session describes a connection between a user, your TalkJS account, and, implicitly, the browser or device the user is currently on.

You'll need to replace <APP_ID> with your TalkJS App ID. You can find your App ID in the Settings tab of the TalkJS dashboard.

When to start a session

We recommend that you start a TalkJS session right after the user logs in, on every page - even ones where users can't read or write messages. This way, TalkJS can show desktop notifications and trigger JavaScript events everywhere. This should not impact the performance of your app in any way because the core chat library is loaded asynchronously and very small.

If your app is a server-side rendered web app, we recommend that you start a session on every page load.

Session lifecycle

A session exists from creation until the user navigates away from the page or closes the tab.

If your app allows your user to log out without unloading the page, we recommend that you destroy the session using the session's destroy method.

Session security

TalkJS uses a system called identity verification to ensure that:

  • The user is who they say they are
  • The user has a valid login session on your app

This way, a TalkJS Session can only exist when the user is logged into your app, and not otherwise. We strongly recommend that you enable identity verification so that accounts cannot be hijacked.

Read all about identity verification here.

Session data

Talk.UserThe user currently logged in to your User({id: 12345, name: "Jeffrey"})
stringYour TalkJS app ID, as found on the Settings page of your dashboard. Note: you have one appId for testing and development, and one for production. Ensure that you use the correct one."hF83jaq"
stringA token to authenticate the session with. Pass token if you use standard (non-refreshable) authentication."eyJhbGciOiJIUzI1NiJ9.eyJ0b2tlblR5cGUiOiJ1c2VyIiwiaXNzIjoiRVhBTVBMRV9BUFAiLCJzdWIiOiJFWEFNUExFX1VTRVIifQ.L2xKxkn0mpK46PKP_S384N0mT1Flog38NAaaiy3nG-I"
() => Promise<string>A callback that fetches a new token from your backend and returns it. Pass tokenFetcher if you use authentication with refreshable tokens.() => fetch("<ENDPOINT>") .then((res) => res.text())
stringThe HMAC-SHA256 hash of the current user id, signed with your TalkJS secret key. Pass signature if you use legacy signature-based authentication."65b7788eb354f80b581c0208fb22b1398b248e746a8439865a7b738b012bcef4"

Further reading