@User, at a high level, what you want to do is this:
- Let's say your api domain and website domain are both example.com. Your api path is something like /api/*
- The session cookies will be attached to example.com in this case.
- On each request to the api from the frontend, the browser will attach the session cookies for session verification. In case the access token is expired, the api will return 401, and the frontend (our SDK) will automatically refresh the session and re-call the API again. So far so good.
- Now in case of templates, the user would navigate to example.com/somePage on their browser.
- Like always, the browser will send the access token (not refresh token) to your webserver.
- If the access token is valid, all will be good and the webserver can fetch the user's info and fill it in the template to return the html.
- Now in case the access token has expired, instead of sending a 401 to the frontend, your backend will need to send some JS / HTML that will manually refresh the session (see https://supertokens.io/docs/website/usage/server-side-rendering).
- If manually refreshing is successful, you can reload the page and this time the access token will be valid and the user can see the content. Else, you can take the user to the login screen.
------------
From the user's point of view, this looks like: visit example.com/somePage -> see some loading screen (refresh happening) -> see content