The useSession() hook is used to access session data on the client side and helps manage session. When the session changes, the useSession() hook will automatically update the session data. It returns a session object that contains the user object and other information. The session object will be null if the user is not authenticated.
This hook cannot be used in api routes. It is strictly for client side.
The session object contains the following properties:
user: The user object returned by the authentication provider.expires: The timestamp in milliseconds when the session expires.accessToken: The access token for the authentication provider.refreshToken: The refresh token for the authentication provider.idToken: The ID token for the authentication provider.jwt: The JSON Web Token (JWT) for the session.jwtPayload: The decoded JWT payload for the session.error: An error object if there was an error.loading: A boolean value that is true if the session is being fetched.data: The session object returned by the server.status: The HTTP status code of the response.headers: The HTTP headers of the response.redirect: A function that redirects to a new page.error: A function that throws an error.onUnauthenticated: A function that is called if the user is not authenticated.onSessionExpired: A function that is called if the session has expired.onAccessTokenExpired: A function that is called if the access token has expired.onAccessTokenError: A function that is called if there was an error getting the access token.onIdTokenExpired: A function that is called if the ID token has expired.onIdTokenError: A function that is called if there was an error getting the ID token.onJwtExpired: A function that is called if the JWT has expired.onJwtError: A function that is called if there was an error getting the JWT.onSignOut: A function that is called if the user signs out.onSignIn: A function that is called if the user signs in.onSessionUpdate: A function that is called if the session is updated.
getServerSession is used to get the session data at the time the server is processing a request i.e. used on server side. It will return the session data as it exists at that moment, but it will not continue to monitor the session for changes i.e. it does not manage session.
An access token is a credential used by an application to access an API. Its purpose is to inform the API that the bearer of this token has been authorized to access the API and perform specific actions.
A refresh token is a special kind of token used to obtain a renewed access token without requiring the user to re-authenticate. This is useful for extending sessions.
An ID token is a JWT that contains claims about the identity of the authenticated user, providing information such as username, email, and other profile information.