SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Does `supertokens-web` attempt a refresh on all 401s by default, or only when other response headers are also found (e.g. `rid`)? I saw my front-end looping requests when my API sent back an explicit 401 (not from `supertokens-node`, but from my own controller). It's fixed if I set the `sessionExpiredStatusCode`, but I thought there would be some other logic besides attempting a refresh on all 401s. Is this intended? I'm on `"supertokens-website": "^10.1.0",` and `"supertokens-node": "^9.2.3"`

Hey! Yea. It attempts refreshing on all 401 (except for when the refresh api returns that)

So either don’t send a 401 explicitly from your APIs, or change the status code (as you already pointed out)