sure. We can have the call now. Though I have never used discord video call.. So i might be a little new to that. haha

Neither have I🥴

let's try it out!

DMed you.

Hey can you give my Reddit post an upvote or two? https://www.reddit.com/r/node/comments/fpae2k/i_was_recommended_supertokens_for_auth_in_reddit/

oh! this is great. thank you!!

Will get it upvoted 🙂

🙂 🙂

it's quite well written!

Anything you want me to include that I missed, lmk

It's great! If there is anything, I shall let you know.

hey @User , please find the postgreSQL docker images here: https://hub.docker.com/r/supertokens/supertokens-postgresql

Awesome stuff!, do you recommend to use this during dev or later on in development?

use it during dev as well. Personally, I always prefer docker.

If you find any issues with it, please let me know

But you can hold on to your setup for now - until we have all the docker docs done. I shall let u know

Just about to ask, I think ill wait for docs

yeah!

👍

Hey RP, quick question: Does 'getSession()' call the DB? and one more important question: /refreshSession endpoint can be called an infinite number of times, making as many sessions as you want, shouldnt this only be able to be called when the previous session has expired?

(infinite number of times until refresh token has expired, but still)

last question: at one point will we be able to replace all of this with redis, as it's faster or is that less secure?

getSession deosn't call the db 99% of the time. /refreshSession will yield a new token in db like you say

but thats only in the community version

in the pro one, it doesn't create new tokens in the db.

which is an optimisation

shouldnt /refreshSession be limited to only working once the previous session has expired?

Since the access token is not sent to this API, there is no way of knowing that if we should allow this API to return a new refresh token or not, based on the access token's expiry. So we make it so that for each call to this API, a new refresh token is generated (which also adds more security).

The reason the access token is not sent it cause when it expires, the browser doesn't send it anymore.