See this too: https://supertokens.io/docs/session/common-customizations/sessions/anti-csrf

ok this makes more sense thanks

Guys, I have verified that some APIs define a refresh token and an expiration time for the access token. However, the access token is not updated after this expiration time. Is there any possible reason for this to happen? Application problem?

Can you please tell me which SDKs of ours you are using?

It is not about specially supertokens, but any API

It will be very difficult for me to help about some other system. Cause well.. the range of possible errors is infinite

Hi, quick Q regarding log4j and supertokens core as that’s written in Java - is it using log4j?

Hey! No. We are using logback. So not affected by the exploit on log4j 🙂

Nice 🙂

Wassup guys, I read the super token article about refresh tokens and was wondering for a more less robust explanation of the process?

Hey @User we can answer this question in a few days.

@User , the way our sessions work is described briefly here: https://supertokens.io/docs/session/introduction#overview-of-session-flow

hey, my signout request is getting cancelled. I am seeing that in my network tab. However, the signin works properly. import {signOut} from "..recipe/emailpassword" signOut.then(...

Are you doing a page redirect before the signOut function has finished?

yes, as mentioned in the docs.

You need to redirect the user in the then(… block

Or you need to add an await when u call signOut

Yeah, doing the same. I am wondering if the signout function is succeasfully resolving the promise, as the http request for signout is cancelled. ?

It normally never cancels. That’s strange

The only time it gets cancelled is if the page is redirecting

Maybe try and remove the redirect and see what happens

As in does it still cancel?

May be, it some css I am importing and using on the button.

Maybe also post your code snippet here

Hey the problem is with button html tag. As I started using bootstrap, copy pasted some code for styled buttons. I observed on click of the button, the page refreshes. That caused the issue. Now I replaced that with 'a' tag & things are back to normal.

sounds good!

Hey all, using the email/password recipe how do you all handle multiple failed login attempts by users? When I've implemented custom auth in the past I just keep track of login attempts, IP's, etc. in my own database and flag or timeout based on rules I create. Does Supertokens have any settings or default for handling of failed login attempts?

hey @User we don't handle failed login attempts in any special was at the moment. But using our overrides feature, you can implement the flow you explained above (or any other flow)!

thanks!