Hi, Why do we have refresh token hash 1 in the cookie and refresh token hash 2 in the DB, is there any specific way the refresh token behaves? Is there any guide for supertokens-core understandings?

It's that way for security reasons. You can have a look here: https://github.com/supertokens/supertokens-core/wiki/Session-pseudo-code