If they are correctly set, please send a screenshot of the cookies in inspect Element after sign in and after sign out

I've configured everything correctly and I'm still seeing the cookies present after sign out

Can you please tell me the actual values of the website domain, and send the requested screenshots please?

And are you using axios? If yes, have you added the interceptors?

Not using axios

Okay. Then can I see the response headers for the sign out API request as well?

@User let’s chat here please.

Ok

Can I see a screenshot of the cookies after sign in?

It seems that the api cookies are not being set for some reason

document cookies are still there even after I sign out

Okay

I think it’s best that we get on a call to fix this. Might be some subtle isssue

Sure

I’ll ping you tomorrow and we can get on a call please?

Sure

Let's do it in the morning on EST

Yea. That works for me.

As a workaround to this I've been using incognito mode in Chrome to test the sign up flow

I see

We can sort it out tomorrow!

Sounds good! 🙂

I'm running into an error where when I make a POST request and my cookies disappear…

It's going to be a little bit hard to debug just based on the info you provided @User . We can sort it out on our call.

Hello! Can SuperTokens be used as a provider of JWTs for Netlify's Role-based access controls? Has anyone tried this? https://docs.netlify.com/visitor-access/role-based-access-control/ Context: my company has several internal websites hosted on Netlify that we would like to protect using Netlify's role-based access controls. Netlify does provide their own Identity system, but it only works on a site-by-site basis and we would like to provide a single login that is valid for several sites that are served from separate Subdomains. SuperTokens seems to have this use-case covered according to this: https://supertokens.io/docs/emailpassword/common-customizations/multi-tenancy/one-login-many-sub-domains Thanks! SuperTokens looks like a really useful tool. I have previously tried Auth-0, but could not seem to get the configuation working.

hey @User . Do all the websites: - Talk to the same API domain? - Have a common top level domain?

Thanks for quick response, @User - Not sure what

API domain

refers to. The sites are all statically hosted on Netlify if that helps clarify. I.E. there is no back end. Netlify checks for a valid JWT token before serving the page or denying access/redirecting. - They do have the same TLD.

I see. One more question: When you say "Netlify checks for a valid JWT token before serving the page or denying access/redirecting.", do you mean that Netlify checks the JWT and gives you the userId in your server logic using which you can server content specific to that user? All server side rendered..

Netlify looks for a client-side JWT that is signed with a shared secret and contains an

app-metadata

section that defines a collection of roles.

{
  "id": "some id",
  "exp": 1602522810,
  "app_metadata": {
    "authorization": {
      "roles": [
        "admin",
        "editor"
      ]
    }
  }
}

You can then tell Netlify how to redirect the user if they don't have a JWT or they don't have the valid role. More info in the docs here: https://docs.netlify.com/visitor-access/role-based-access-control/

Understood.