Understanding Session Object Properties and Best Practices

BennoBuilder · ‎07-19-2024

Hey everyone,

I'm currently learning about Shopify app development and have a few questions regarding the Session object. Here's an example of a stored Session object:

{
  id: "offline_bennos-dev-store.myshopify.com",
  shop: "bennos-dev-store.myshopify.com",
  state: "",
  isOnline: false,
  scope: "write_products",
  expires: undefined,
  accessToken: "shpua_123token456",
  onlineAccessInfo: undefined
}

Are there any official docs that describe the properties of the Session object in detail?
Is the accessToken tied to the SHOPIFY_API_KEY of my app, meaning it can only be used with the app's API key that issued it?
Should sessions be "stored" and managed on the frontend server, or can I send the Session object to my backend (via custom ApiSessionStorage, instead of using e.g. PrismaSessionStorage) and store it in the backend's database? Can I use the Session's accessToken on the server to use the Shopify admin-api-client.
If the expires property is undefined, does this mean the session token will never expire until App access is revoked or something around those lines?

Thanks for your help 🙂

cheers

Kyle_liu · ‎07-24-2024

Hi @BennoBuilder

The following is an explanation about offsine_token:

https://shopify.dev/docs/apps/build/authentication-authorization/access-tokens/offline-access-tokens

Need to store the session in backend's database.

If this is helpful, please Like and Accept the solution.
Want to modify or custom changes on store? Let me help.
- Feel free to contact me Email Me Buy Me A Coffee