|
| 1 | +--- |
| 2 | +title: Sessions |
| 3 | +description: Sessions allow you to create multiple users inside a single sandbox. |
| 4 | +--- |
| 5 | + |
| 6 | +import { Callout } from 'nextra-theme-docs' |
| 7 | + |
| 8 | +# Sessions |
| 9 | + |
| 10 | +Normally, when you create a sandbox, we create a single user (called `pitcher-host`) inside the sandbox, which you can use to interact with it. This user has write access to any API. We refer to this session as the "global" session. |
| 11 | + |
| 12 | +```ts |
| 13 | +const sandbox = await sdk.sandbox.create(); |
| 14 | + |
| 15 | +// Now I have a session where I act as `pitcher-host` user. |
| 16 | +// Any action I do will be done as `pitcher-host` user. |
| 17 | +await sandbox.fs.writeTextFile('test.txt', 'Hello World'); |
| 18 | +``` |
| 19 | + |
| 20 | +<Callout> |
| 21 | +When you run `whoami`, it will say you're `root`. That's because we run every session inside a Docker container where you are `root`. The container itself, however, is started as the user of your session. |
| 22 | +</Callout> |
| 23 | + |
| 24 | +Now, let's say you want another user to connect with the sandbox as well but don't want them to act on behalf of your global session. Perhaps you want them to have different permissions, or you want to isolate their actions from the global session. In that case, you can create a new session. |
| 25 | + |
| 26 | +```ts |
| 27 | +const sandbox = await sdk.sandbox.create(); |
| 28 | + |
| 29 | +// Now create a new session that only has read access to the sandbox. |
| 30 | +const session = await sandbox.sessions.createReadOnly(); |
| 31 | + |
| 32 | +// I have access to the normal sandbox api, but I only have read access |
| 33 | +// This means I cannot write files or open shells, but I _can_ read them |
| 34 | +await session.fs.writeTextFile('test.txt', 'Hello World'); // This will throw an error. |
| 35 | +await session.fs.readTextFile('test.txt'); // This will work. |
| 36 | + |
| 37 | +// I can also create sessions with write access |
| 38 | +const session2 = await sandbox.sessions.create('my-session-id', { |
| 39 | + permission: 'write', |
| 40 | +}); |
| 41 | +await session2.fs.writeTextFile('test.ext', 'Hello World'); // This will work |
| 42 | +``` |
| 43 | + |
| 44 | +If you create a session with the same id as before (e.g., `my-session-id`), we will reuse the existing session. |
| 45 | + |
| 46 | +## Sessions Inside the Browser |
| 47 | + |
| 48 | +By default, we will automatically connect to the session when calling `sandbox.sessions.create()`. However, if you want to connect from the browser, you can instead create a session on the server and share a token to the browser, which the browser can then use to connect. Here is an example: |
| 49 | + |
| 50 | +```ts |
| 51 | +const sandbox = await sdk.sandbox.create(); |
| 52 | + |
| 53 | +const sessionInfo = sandbox.sessions.create('my-new-session', { permission: 'write', autoConnect: false }); |
| 54 | + |
| 55 | +// Now pass sessionInfo to the browser, and inside the browser do: |
| 56 | + |
| 57 | +import { connectToSandbox } from '@codesandbox/sdk/browser'; |
| 58 | + |
| 59 | +const session = await connectToSandbox(sessionInfo); |
| 60 | +``` |
| 61 | + |
| 62 | +## Storage |
| 63 | + |
| 64 | +Every session will have the same filesystem as the global session. This means that if one user creates a file inside the workspace folder (or even the home folder) other users will be able to see it. There is one exception to this the `~/.private` folder will be private for each session. No other session (including the global session) will be able to read or write to files inside this folder. |
| 65 | + |
| 66 | +## Use Cases |
| 67 | + |
| 68 | +You can use this API for multiple use cases: |
| 69 | + |
| 70 | +### Shared Branches / Sandboxes |
| 71 | + |
| 72 | +When building a collaborative code editor, you can allow multiple users to connect to the same branch and collaboratively edit files without the ability to affect each other. Every user can have their own secrets (like git token) stored in `~/.private` so they can commit and pull with their own credentials without sharing those credentials with others. |
| 73 | + |
| 74 | +### Anonymous Previews |
| 75 | + |
| 76 | +If you want to share a sandbox with someone else, and give them access to reading files & shells, you can create a read-only session when they connect to the sandbox. This way they can see what's running, and how it works, but they cannot change the code. If they want to make changes, you can call `sandbox.fork()` to create a copy and give them access to a write session there. |
0 commit comments