WonderPandaDev
04/19/2023, 10:32 PMrp
04/20/2023, 6:40 AMnone
(or use header based auth), if the website domains are not sharing the same base domainsWonderPandaDev
04/20/2023, 2:34 PMrp
04/20/2023, 2:35 PMWonderPandaDev
04/20/2023, 2:38 PMrp
04/20/2023, 2:40 PMsessionTokenFrontendDomain
on the frontendWonderPandaDev
04/20/2023, 2:45 PMSession.createNewSession
and then trying to do response.redirect
to our frontend application but it seems like the cookies aren't set using this approachrp
04/20/2023, 2:54 PMWonderPandaDev
04/20/2023, 2:55 PMrp
04/20/2023, 2:55 PMWonderPandaDev
04/20/2023, 2:59 PMresponse.cookie(REFRESH_TOKEN_COOKIE_NAME, refreshToken, {
httpOnly: true,
domain: this.baseHostName,
});
response.redirect(redirectUrl);
Now, we're trying to switch over to SuperTokens. I assumed we'd be able to just do Session.createNewSession
and then still use response.redirect
but the cookies aren't set this wayrp
04/20/2023, 3:13 PMWonderPandaDev
04/20/2023, 3:14 PMfront-token
, st-access-token
and st-refresh-token
are all on the responserp
04/20/2023, 3:16 PMst-auth-mode: cookie
header is missing from the request. If you want to enable cookie based auth regardless of this header being there or not, you can provide the tokenTransferMethod
on the backend's session.init to return cookie
WonderPandaDev
04/20/2023, 3:19 PMrp
04/20/2023, 3:20 PM