I am working currently on the multitenancy as subd...
# support-questions-legacys
Sekai
02/22/2024, 5:26 PMI am working currently on the multitenancy as subdomain in my app and I am not getting the session when authorizing the role of the user it doesn't get pass the verifySession. Even though I am signed in correctly and I am using the prebuiltUI as well. I will attach the debug log and the signed network log
r
rp_st
02/22/2024, 5:28 PMhey @Sekai whats the request header of the API call look like in which you get a 401?
s
Sekai
02/22/2024, 5:32 PMr
rp_st
02/22/2024, 5:45 PMwhats the configured apiDomain on the frontend? and whats the URL you are sending the API request to in the above screenshot? Do those values match?
s
Sekai
02/22/2024, 5:48 PMthe apiDomain is http://example.com:3000 I made the localhost in an alias so that the subdomain works
Sekai
02/22/2024, 5:49 PMthe url for api request has a subdomain so like http://subdomain.example.com:3000
r
rp_st
02/22/2024, 5:49 PMright. So thats why it's not working
s
Sekai
02/22/2024, 5:50 PMOh I see
Sekai
02/22/2024, 5:50 PMhow can I make it work?
r
rp_st
02/22/2024, 5:50 PMbut, you can get it to work. See this: https://supertokens.com/docs/session/common-customizations/sessions/share-sessions-across-sub-domains
s
Sekai
02/22/2024, 5:50 PMohh I needed to share the session
Sekai
02/22/2024, 5:51 PMI thought this was for frontend only
Sekai
02/22/2024, 5:51 PMthat makes sense
Sekai
02/22/2024, 6:01 PMhmm @rp_st I tried adding the sessionTokenFrontendDomain: ".example.com" in the frontendConfig and it is working since I was able to access example.com when I only logged into the subdomain.example.com but I still have the same issue do I need to work on configuring the accessTokenPayload talked about here?
r
rp_st
02/22/2024, 6:02 PMnot sure what you mean. Is the access token now being sent as a st-access-token header in the request headers (not in cookies)?
s
Sekai
02/22/2024, 6:08 PMIt's sending like this
Sekai
02/22/2024, 6:08 PMr
rp_st
02/22/2024, 6:08 PMstill not intercepting
rp_st
02/22/2024, 6:08 PMenable our frontend debug logs and show the output when you call this API please.
s
Sekai
02/22/2024, 6:12 PMI think it's this
r
rp_st
02/22/2024, 6:12 PMYea. Copy and send
s
Sekai
02/22/2024, 6:14 PMIs it suppose to do this?
Sekai
02/22/2024, 6:15 PMalso what do you mean by copy and send
r
rp_st
02/22/2024, 6:16 PMSend the logs over in a file please
s
Sekai
02/22/2024, 6:17 PMohh
Sekai
02/22/2024, 6:19 PMr
rp_st
02/23/2024, 4:36 AMinstead of setting sessionTokenFrontendDomain, set the sessionTokenBackendDomain to
.example.coms
Sekai
02/23/2024, 4:14 PMOhh tyty I didn't see that in the docs
Sekai
02/23/2024, 4:21 PMhmm that didn't work
Sekai
02/23/2024, 4:21 PMit keeps on refreshing session
Sekai
02/23/2024, 4:25 PM@rp_st I think I found the issue in that for the sign in when I check the network tab the url sends the sign in to example.com even though I signed into the subdomain.example.com so example.com has the access token in the cookie but subdomain.example.com doesn't
r
rp_st
02/23/2024, 4:31 PMAre these your frontend domains or backend?
s
Sekai
02/23/2024, 4:33 PMfor the subdomain.example.com it's the frontend so in the url it says that but when I check the backend from the network tab it says example.com
r
rp_st
02/23/2024, 4:34 PMRight. So you also need to set sessionTokenFrontendDomain
s
Sekai
02/23/2024, 4:35 PMI did both but it still fails and now there is a infinite loop on refresh session
Sekai
02/23/2024, 4:59 PMI fixed it
Sekai
02/23/2024, 4:59 PMI think
Sekai
02/23/2024, 5:02 PMI had to make the api domain for the frontend window.location.origin as well
r
rp_st
02/23/2024, 5:07 PMSounds good
13 Views