Hi I have an api that takes sessionHandle as an ap...
# generalk
krrishan
10/18/2023, 2:08 PMHi I have an api that takes sessionHandle as an api and revoke that session
But the frontend is still able to surpass the auth guard and access our apis
How to handle that ?
I am using nest js
r
rp_st
10/18/2023, 2:43 PMit's cause the access token is stateless
k
krrishan
10/18/2023, 2:46 PMHow to modify the api to logout the user ?
r
rp_st
10/18/2023, 2:46 PMk
krrishan
10/18/2023, 2:58 PMThanks
But here comes another error :
Error: Cannot set headers after they are sent to the client
Using guard provided in the nestjs documentation
https://supertokens.com/docs/session/nestjs/guide#7-add-session-verification-guard
r
rp_st
10/18/2023, 2:58 PMHave you followed our nestjs guide properly? With the error handler and stuff?
k
krrishan
10/19/2023, 6:07 AMYes
krrishan
10/19/2023, 7:52 AMThe issue is that I am also using my custom exception filter that handles all other errors
And the auth guard sets some headers if session get expired
I dont want to set any headers
How to modify verifySesion code or how to merge the code to avoid setting headers
r
rp_st
10/19/2023, 7:55 AMthen you should not use verifySession. Instead, use https://supertokens.com/docs/session/common-customizations/sessions/session-verification-in-api/get-session#using-getsession-without-req--res-objects
2 Views