a
Hi, I'm using React in the frontend and FastAPI in the backend. When I use the signout function, it is called from the backend and it returns 200, but the frontend session tokens are not cleared. Any suggestions?
r
hey @ahmed1934
For the frontend token to be cleared:
- You will need to call the sign out function from the frontend; OR
- Wait for the frontend to refresh the session and then they will be cleared.
Session verification on the backend happens in a stateless manner, so until the session is refreshed, it will continue to work.
a
I add this to frontend:
async function onLogout() {
  await signOut();
  window.location.href = "/";
}
r
that seems right
a
It doesn't remove the tokens
r
can i see the response headers for the sign out API call?
a
"OPTIONS /auth/signout HTTP/1.1" 200 OK
r
right. What about the POST request?
a
of the session refresh ?
r
no. Of the sign out API
the browser is making the OPTIONS call, but what about the POST call?
a
there is no POST request
r
right. Do you see any errors on the browser console?
a
When I click sign out : Unchecked runtime.lastError: The message port closed before a response was received.
r
are there any CORS related errors?
Does the backend API log any error?
a
But the signout in the backend is called once, but when I click on it again from the same session the backend doesn't respond. So, I think this means that the backend is working fine, the problem is with clearing the cookies
No
r
thats weird.. if the browser doesn't make the POST call, then how is it being called on the backend?
can you send me a screenshot of the browser console
a
r
signout GET is being called.. thats weird.. it's a POST API
are you calling the sign out API manually yourself?
a
I think this was a problem because I tried to overwrite the default signout , but nvm
The default is POST, and it is called once, and then the frontend cookies are not removed, so the sign in page does not appear
r
POST is not called
OPTIONS is called
a
yes exactly
r
so normally, OPTIONS gets called, and then the browser sends a POST request
the POST one is missing.. im not sure why.
a
r
have you tried to google the error shown on the browser console?
it seems very strange
a
INFO: 127.0.0.1:52003 - "OPTIONS /auth/session/refresh HTTP/1.1" 200 OK
INFO: 127.0.0.1:52008 - "POST /auth/session/refresh HTTP/1.1" 401 Unauthorized
This is printed when I delete the session cookies manually
It is normal, I think it is not related to the problem
r
well then im not sure why the browser is not calling the POST API
a
INFO: 127.0.0.1:52003 - "OPTIONS /auth/session/refresh HTTP/1.1" 200 OK
INFO: 127.0.0.1:52008 - "POST /auth/session/refresh HTTP/1.1" 401 Unauthorized
INFO: 127.0.0.1:52050 - "OPTIONS /auth/signin HTTP/1.1" 200 OK
INFO: 127.0.0.1:52054 - "POST /auth/signin HTTP/1.1" 200 OK
INFO: 127.0.0.1:52052 - "OPTIONS /auth/signout HTTP/1.1" 200 OK
This is all that happens from deleting the session manually, and then signin, then clicking sign out
r
what do you mean by deleting the session manually?
and regardless
a
I go to cookies from application tab in the browser and clear the cookie
r
if you see, the OPTIONS API is called, but the POST is not called for signout
which is the problem
what is the result of the OPTIONS API for signout?
the response headers for that
a
200 ok
r
tell me the full response headers
a
INFO: 127.0.0.1:52052 - "OPTIONS /auth/signout HTTP/1.1" 200 OK
r
can you send me the screenshot on chrome for the request
click on the request
and you will see response and request headers for it
i want to see that
a
This is what I see when I click signout, as all other requests are deleted when I click on signout
r
ah i see. are they deleted because you navigate away?
Also, you can click on preserve log option and then the requests won't be deleted
a
The post request is canceled
r
right.. so thats the issue
a
And in the backend it says GET
not found, as it should be POST not GET
r
yea.. it should not be get
can you remove the
window.location.href = "/";
part from the logout function?
and see what happens
a
same problem
r
so is there something else that is navigating away in your app?
so maybe you are calling logout and navigating away without awaiting for logout to finish
a
Okay, I think this may be the case as I'm adding it on router link
I will try it and see what happens
r
ok
a
Worked. Thanks a lot
r
great
a
How could I handle any path from the frontend in the backend? For example, when I use mylink.com/auth I add it to the allow CORS list to be authorized. Now, I'm adding verification, so it is going to another path in the frontend, and it also needs to be added to the allow_origin list. So, is there a way to allow any request from mylink.com, and not add every URL path explicitly?
r
Yes. Are you using a cors middleware on your backend? Which one?
a
The one u stated on the documentation
r
Right. That should allow all paths anyway
a
app.add_middleware(get_middleware())
app.add_middleware(
    CORSMiddleware,
    allow_origins=[
        "https://mylink.net",
        "https://mylink.net/auth",
    ],
    allow_credentials=True,
    allow_methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
    allow_headers=["Content-Type"] + get_all_cors_headers(),
)
r
You can remove the /auth one. Just giving the domain is enough
a
I tried it and it didn't work
r
What error?
a
CORS error that the mylink.com/auth is not allowed
r
Can you show me a screenshot of the error?
a
This error came when I deployed the link, and the frontend is redirected to verification by email page
r
This is not a CORS error
It’s something else
a
Is that related to CORS or what? As this didn't happen in my localhost
r
Have you correctly set the api_domain and website_domain values on the backend and frontend?
a
yes
r
What have you set them to?
a
The signin is working fine
r
Well, can you tell me what you have set them to please?
Cause sign in may work fine even if you have incorrectly set them
a
frontend:
    appName: "dspkai",
    apiDomain: "https://dspkai.azurewebsites.net",
    websiteDomain: "https://dspkai3.azurewebsites.net/",
    apiBasePath: "/auth",
    websiteBasePath: "/auth"
},
backend:
app.add_middleware(
    CORSMiddleware,
    allow_origins=[
        "https://dspkai3.azurewebsites.net",
        "https://dspkai3.azurewebsites.net/auth",
    ],
    allow_credentials=True,
    allow_methods=["GET", "PUT", "POST", "DELETE", "OPTIONS", "PATCH"],
    allow_headers=["Content-Type"] + get_all_cors_headers(),
)
r
What’s the app_info setting on the backend?
a
app_info=InputAppInfo(
    app_name="dspkai",
    api_domain="https://dspkai.azurewebsites.net",
    website_domain="https://dspkai3.azurewebsites.net",
    api_base_path="/auth",
    website_base_path="/auth"
),
r
Ok. Can you enable backend debug logs and show me the output of that when you query these APIs that return 401?
You can see the troubleshooting section in the docs for how to enable debug logs
a
INFO: 172.16.21.1:50229 - "GET /auth/user/email/verify HTTP/1.1" 401 Unauthorized
r
Those aren’t the debug logs we generate
Can you enable the supertokens debug logging
a
The debug logging is all error
r
See our docs. Troubleshooting section
Well, that just means you haven’t enabled our debug logs
a
DEBUG:com.supertokens:{"t": "2022-10-05T16:05:33.669Z", "sdkVer": "0.11.1", "message": "errorHandler: Error is from SuperTokens recipe. Message: Session does not exist. Are you sending the session tokens in the request as cookies?", "file": "supertokens.py:612"}
This is an example
r
Ah tight. Yea. I need to see all of those
Right*
Also, can you send me a screenshot of the sign in request response headers as seen on chrome network tab
a
This is the signup scenario
r
Click on the signup POST request
You will see response headers
What do you see there? Send me that screenshot
a
Request URL: https://dspkai.azurewebsites.net/auth/signup
Request Method: POST
Status Code: 200 OK
Remote Address: 20.49.104.52:443
Referrer Policy: strict-origin-when-cross-origin
r
Can I see the screenshot please?
Of the response headers
Not a copy / paste. A screenshot
a
r
Ok got it. I think I know what’s happening
On the backend, when you do session.init
a
r
Can you pass in a param cookie_same_site="none"
a
Okay
in the param ?
r
I mean argument to the session.init function call
a
session.init(cookie_same_site=None)
Like that?
r
"none" as a string
Not python None
a
okay
r
But string "none"
a
Worked. Can you tell me why that was happening?
r
Well, read up on cookie same site setting and known public suffix list