Hi I have an api that takes sessionHandle as an api and revoke that session But the frontend is stil...

krrishan

10/18/2023, 2:08 PM

Hi I have an api that takes sessionHandle as an api and revoke that session But the frontend is still able to surpass the auth guard and access our apis How to handle that ? I am using nest js

rp_st

10/18/2023, 2:43 PM

it's cause the access token is stateless

krrishan

10/18/2023, 2:46 PM

How to modify the api to logout the user ?

rp_st

10/18/2023, 2:46 PM

https://supertokens.com/docs/session/common-customizations/sessions/access-token-blacklisting

krrishan

10/18/2023, 2:58 PM

Thanks But here comes another error : Error: Cannot set headers after they are sent to the client Using guard provided in the nestjs documentation https://supertokens.com/docs/session/nestjs/guide#7-add-session-verification-guard

rp_st

10/18/2023, 2:58 PM

Have you followed our nestjs guide properly? With the error handler and stuff?

krrishan

10/19/2023, 6:07 AM

Yes

krrishan

10/19/2023, 7:52 AM

The issue is that I am also using my custom exception filter that handles all other errors And the auth guard sets some headers if session get expired I dont want to set any headers How to modify verifySesion code or how to merge the code to avoid setting headers

rp_st

10/19/2023, 7:55 AM

then you should not use verifySession. Instead, use https://supertokens.com/docs/session/common-customizations/sessions/session-verification-in-api/get-session#using-getsession-without-req--res-objects

Previous Next

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).