Channels
#support-questions
missing cookies
# support-questions
z
ZeferiniX
04/15/2023, 2:28 PMthis is really baffling to me but maybe someone has an idea, I'm trying to move to ESM and all of a sudden,
createNewSessionsupertokens-noder
rp
04/15/2023, 2:41 PMhey @ZeferiniX which version of the SDK are you using?
z
ZeferiniX
04/15/2023, 2:41 PM"supertokens-node": "13.4.1"
with docker image
supertokens/supertokens-postgresql:4.6
r
rp
04/15/2023, 2:43 PMright. When making the request to sign in, are you setting the
st-auth-mode: "cookie"our frontend SDK set's this by default, but in case you are not using our frontend SDK, or querying the API manually, then you need to set this header.
z
ZeferiniX
04/15/2023, 2:44 PMr
rp
04/15/2023, 2:44 PMby default the createNewSession function uses non cookie based session
so you need to set this header in the request and then it will set it in cookies instead
z
ZeferiniX
04/15/2023, 2:46 PMlet me try
r
rp
04/15/2023, 2:58 PMrefresh token should also be set. See the response headers
r
rp
04/15/2023, 3:00 PMyea
z
ZeferiniX
04/15/2023, 3:00 PMI suppose the Frontend SDKs automatically grabs that but previously, the Backend SDKs sets these server-side
r
rp
04/15/2023, 3:00 PMthat happens now as well.
r
rp
04/15/2023, 3:01 PMin the response headers?
to see the refresh token, you have to navigate to the refresh token path on your api domain
chrome deosn't show it otherwise
z
ZeferiniX
04/15/2023, 3:02 PMit's in the response headers as well
oh
r
rp
04/15/2023, 3:03 PMyup
z
ZeferiniX
04/15/2023, 3:03 PMis this documented somewhere?
other than this, I couldn't figure this out xD
r
rp
04/15/2023, 3:06 PM> is this documented somewhere?
The migration? That's in the changelog of the SDKs on our github.
z
ZeferiniX
04/15/2023, 3:10 PMno, the
st-auth-modesAccessTokensRefreshTokenreqcreateNewSessionr
rp
04/15/2023, 3:12 PMso in v12, the refresh token behaviour was the same (you had to navigate to the refresh path as well)
z
ZeferiniX
04/15/2023, 3:13 PMwe have a workaround in our local dev env backend where we expose a GET endpoint that automatically logs in a superadmin when it gets hit, the access and refresh tokens just gets set and seen in chrome dev tools but in v13, that's not the case anymore
r
rp
04/15/2023, 3:13 PMim quite sure that the refresh token behaviour is the same as before
the only diff is that now you need to set st-auth-mode header in the request (which our frontend sdk does on its own)
z
ZeferiniX
04/15/2023, 3:14 PMhttps://cdn.discordapp.com/attachments/1096804291022438411/1096815916609708143/chrome_2023_04_15_231435387.gifâ–¾
from this GIF, I hit the GET endpoint and only the
sAccessTokenst-auth-modein v12, both access and refresh tokens gets set
r
rp
04/15/2023, 3:15 PMyou need to navigate to the apidomain/auth/session/refresh on the browser and you will see the refreesh token
this is a chrome thing
not a supertokens thing
cause refresh token is being set. Chrome isn't showing it unless you navigate to the refresh path
you can try firefox instead and you will see
cause firefox shows all cookies for a domain regardless of the path
z
ZeferiniX
04/15/2023, 3:19 PMohh..
https://cdn.discordapp.com/attachments/1096804291022438411/1096817072933175296/image.pngâ–¾
that cookie has a path value now in v13 is what you meant
r
rp
04/15/2023, 3:20 PMit used to have a path before as well
z
ZeferiniX
04/15/2023, 3:20 PMwait really
r
rp
04/15/2023, 3:20 PMagain, this is a chrome thing..
yup
z
ZeferiniX
04/15/2023, 3:20 PMdamn
r
rp
04/15/2023, 3:20 PManyhow, hope this helped 🙂
z
ZeferiniX
04/15/2023, 3:21 PMyeah I see it on firefox, welp, I'll look into this chrome quirk
thank you very much!