verifySessionCookie()

verifySessionCookie(sessionCookie, checkRevoked?): Promise<DecodedIdToken>

Verifies a Firebase session cookie. Returns a Promise with the cookie claims. Rejects the promise if the cookie could not be verified.

If checkRevoked is set to true, first verifies whether the corresponding user is disabled: If yes, an auth/user-disabled error is thrown. If no, verifies if the session corresponding to the session cookie was revoked. If the corresponding user's session was invalidated, an auth/session-cookie-revoked error is thrown. If not specified the check is not performed.

See Verify Session Cookies for code samples and detailed documentation

Parameters

sessionCookie

string

The session cookie to verify.

checkRevoked?

boolean

Whether to check if the session cookie was revoked. This requires an extra request to the Firebase Auth backend to check the tokensValidAfterTime time for the corresponding user. When not specified, this additional check is not performed.

Returns

Promise<DecodedIdToken>

A promise fulfilled with the session cookie's decoded claims if the session cookie is valid; otherwise, a rejected promise.

verifySessionCookie() ​

Parameters ​

sessionCookie ​

checkRevoked? ​

Returns ​

verifySessionCookie()

Parameters

sessionCookie

checkRevoked?

Returns