Hey , I faced this security issue earlier and facing again which is a bit concerning . I am using 3rd party recipee with google sign in. I go to the my website url https://pcc-stage.fairmatic.com and I login in device 1 . I opened the same url(https://pcc-stage.fairmatic.com) in a different device altogether and when I refresh the page it logged in to that device as well with the same credentials as device 1 . NOTE : I have not added any caching at anywhere in my application. Is there any explanation for this as I am surprised how is this possible in first place . I noticed that on reloading the url in device 2 the access-token is set to cookies (st-access-token) with the same value as in device 1 which could be only done if there is any caching . Can yo help here as this is a bit concerning and a blocker to move ahead with Supertokens . Also let me know in case any request/response data is required from my side .