https://supertokens.com/ logo
p

PitchAsh

05/05/2022, 5:27 PM
We have some areas of our frontend that are accessed by anonymous users…. But since supertokens is initialised it’s just spams the refresh api route constantly. Is there a way to turn it off, or only call refresh when logged in?
r

rp

05/05/2022, 5:30 PM
Hey! So the problem is that it calls the refresh endpoint many times per user or once for each new user?
p

PitchAsh

05/05/2022, 5:31 PM
User is not logged in, and hasn’t yet been asked to login
r

rp

05/05/2022, 5:31 PM
It should call the refresh just once per new user then. Do you find it calling it multiple times?
p

PitchAsh

05/05/2022, 5:31 PM
Its an anonymous route…. But the page has been open a couple of minutes and so far browser has spammed the refresh endpoint about 2000 times
There is no user
r

rp

05/05/2022, 5:32 PM
Huh.. so there could be another issue then
p

PitchAsh

05/05/2022, 5:32 PM
So this is a page before the user is asked to login…. So it’s anonymous
r

rp

05/05/2022, 5:32 PM
Aftwr a refresh is called, I assume you get a 401?
And then what is in the cookie store ?
p

PitchAsh

05/05/2022, 5:33 PM
I think its getting a 200 but it’s not logged in so I don’t know why it’s even calling refresh
r

rp

05/05/2022, 5:34 PM
Well. The SDK called refresh if there are no cookies at all that are set. To check it a session exists or not
Cause on browsers like safari, it wipes out frontend set cookies after 7 days of inactivity
And the refresh should not return a 200 if the user is not logged in
Can you enable debug logs on the backend and show me the output of it when refresh is called?
p

PitchAsh

05/05/2022, 5:35 PM
May have been logged in before and not logged out I guess
I’ll take a look.
r

rp

05/05/2022, 5:36 PM
But then it shouldn’t be calling refresh continuously