• r

    rp

    2 years ago
    it's only sessions that have expired.
  • r

    rp

    2 years ago
    so that you save on space.
  • bustEXZ

    bustEXZ

    2 years ago
    revokeSession remove record from refresh_token? @User
  • r

    rp

    2 years ago
    yes.
  • r

    rp

    2 years ago
    cause you are revoking that session. so its refresh_token is removed.
  • bustEXZ

    bustEXZ

    2 years ago
    good solution to remove anonymous when user authorize
  • r

    rp

    2 years ago
    yup. that is a good idea. You should do that
  • r

    rp

    2 years ago
    ideally, do the following:- authenticate a user (yielding their userId) - get current session - get sessionData from the current session - revoke old session - create a new session for userId giving it sessionData as well
  • ?

    user

    2 years ago
    Here's a problem we are running into: on our frontend, we call the logout endpoint of our API which gets the session and revokes it according to your documentation. However, after the successful logout call, calling
    SuperTokensRequest.sessionPossiblyExists()
    on the frontend still returns true.
  • ?

    user

    2 years ago
    checking in the browser, the cookies are successfully removed