https://supertokens.com/ logo
y

yzs

04/26/2022, 7:27 AM
hi, i'm having a hard time getting 'supertokens-website' to work, help please 😅
attemptRefreshingSession
and
doesSessionExist
keep returning
false
Copy code
ts
const api = axios.create({ baseURL: '/api', timeout: 5_000 });
SuperTokens.addAxiosInterceptors(api);

SuperTokens.init({
  apiDomain: 'http://localhost:3000',
  apiBasePath: '/api/auth',
});

async function signIn(form) {
  const res = await api.post('/auth/signin', form); 
  // {"status":"OK","user":{"email":"test@gmail.com","id":"de770ff7-4524-4108-994f-717c1d12bec4","timeJoined":1650956757303}}
  // the set-cookie headers are also present, and cookies are saved correctly

  const attemptRefreshingSession = await SuperTokens.attemptRefreshingSession();
  const doesSessionExist = await SuperTokens.doesSessionExist()
  console.log(attemptRefreshingSession, doesSessionExist); // false, false
}
r

rp

04/26/2022, 7:56 AM
hi, i'm having a hard time getting 'supertokens-website' to work, help please 😅
attemptRefreshingSession
and
doesSessionExist
keep returning
false
Copy code
ts
const api = axios.create({ baseURL: '/api', timeout: 5_000 });
SuperTokens.addAxiosInterceptors(api);

SuperTokens.init({
  apiDomain: 'http://localhost:3000',
  apiBasePath: '/api/auth',
});

async function signIn(form) {
  const res = await api.post('/auth/signin', form); 
  // {"status":"OK","user":{"email":"test@gmail.com","id":"de770ff7-4524-4108-994f-717c1d12bec4","timeJoined":1650956757303}}
  // the set-cookie headers are also present, and cookies are saved correctly

  const attemptRefreshingSession = await SuperTokens.attemptRefreshingSession();
  const doesSessionExist = await SuperTokens.doesSessionExist()
  console.log(attemptRefreshingSession, doesSessionExist); // false, false
}
Hey @yzs
Can you enable debug logging in the backend SDK and show the output when you make the signin api call?
y

yzs

04/26/2022, 8:33 AM
i'm using docker-compose for the backend sdk, trying to set env like this, but it does not seem to work
Copy code
DEBUG: com.supertokens
SUPERTOKENS_DEBUG: '1'
@rp
i think this is what you asked for @rp
r

rp

04/26/2022, 8:50 AM
not these logs. The logs that the python process produces.
Which version of the python SDK are you using?
y

yzs

04/26/2022, 9:05 AM
i'm not sure, but i'm using docker image registry.supertokens.io/supertokens/supertokens-postgresql
and supertokens-node@9.2.0
Copy code
You are using SuperTokens Community
SuperTokens Core version: 3.12.1
Plugin Interface version: 2.13.0
Database Plugin name: postgresql
Database Plugin version: 1.15.0
Java version: OpenJDK 15.0.1
Installation directory: /usr/lib/supertokens
here are the logs you asked @rp
one more thing - everything seemed to work for a couple of times after i restart my laptop, maybe it's some kind of security thing for too many refresh attempts?
r

rp

04/26/2022, 10:22 AM
whats the logs that you get when you start the server?
whats the response headers from the sign in API?
Can I see a sreenshot of it?
the headers
y

yzs

04/26/2022, 10:28 AM
request headers POST /api/auth/signin HTTP/1.1 Accept: application/json, text/plain, / Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9,ru-KZ;q=0.8,ru;q=0.7 Cache-Control: no-cache Connection: keep-alive Content-Length: 95 Content-Type: application/json Cookie: sIRTFrontend=remove; sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiYTY0ZjQ1NzEtY2ZlZi00MWQ2LWIwZTUtNmM4MTFiYjdjM2NjIiwidXNlcklkIjoiZGU3NzBmZjctNDUyNC00MTA4LTk5NGYtNzE3YzFkMTJiZWM0IiwicmVmcmVzaFRva2VuSGFzaDEiOiI1OGM4YTAyZDM4NTcwYjhmZDM0ZWJiYmMxOWNjZDdmM2YyMjFjMTczYjIwMThiZmYyYTFiOGM0YzNhOWY0Zjk1IiwidXNlckRhdGEiOnsic29tZUtleSI6InNvbWVWYWx1ZSJ9LCJleHBpcnlUaW1lIjoxNjUwOTcyMzEyNDM2LCJ0aW1lQ3JlYXRlZCI6MTY1MDk2ODcxMjQzNiwibG1ydCI6MTY1MDk2ODcxMjQzNn0%3D.NuuVmjrvQZyvdP9Y%2BuhGagFz4n998%2F7WbPTbynuJ4dL4e6koqEiRHE7wIEIRFIP52paFRNw6SzZ%2F0BAvaKPkFfFgx7JIf6CODHOBP278Qdc15llRhxVcRgE3HxW8tDXWuzYufoaoHiTntmZk%2B2D0HxGMrh%2Fv7%2Fz%2BXm5aQU%2FZs29LGt3DPZuIhFfcRa3mYxyq5cDmRTAex4NZl5rpEc3GGgp9sZFi3Z9jDWDVnAIomE8XCjxyqeEF6w%2BLW8S5xMXiLuiHSdlAfb5u86PgcDW4N9pIQGxOxe9Ew%2FGiHEXBSkcTD%2B9t5QstTuQZrYZDmFsPd0fdDA%2FQm4v8RGr3yLLBzQ%3D%3D; sIdRefreshToken=39efd9e7-ce88-49e4-990c-248113926edc Host: localhost:4000 Origin: http://localhost:4000 Pragma: no-cache Referer: http://localhost:4000/login Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.127 Safari/537.36 sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Google Chrome";v="100" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows"
response headers HTTP/1.1 200 OK access-control-allow-origin: http://localhost:4000 x-powered-by: Express vary: Origin access-control-allow-credentials: true front-token: eyJ1aWQiOiJkZTc3MGZmNy00NTI0LTQxMDgtOTk0Zi03MTdjMWQxMmJlYzQiLCJhdGUiOjE2NTA5NzI0MTQ5ODEsInVwIjp7InNvbWVLZXkiOiJzb21lVmFsdWUifX0= access-control-expose-headers: front-token, id-refresh-token set-cookie: sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiOGE4Yjc1MjktZDlhMi00ZTVmLTk2ZjYtNWQyMjk3MTI1ZDU2IiwidXNlcklkIjoiZGU3NzBmZjctNDUyNC00MTA4LTk5NGYtNzE3YzFkMTJiZWM0IiwicmVmcmVzaFRva2VuSGFzaDEiOiI2MzJkZjJkNTZhNDYwZjVhNDc1ZDEwZmNiMDRjYmY5OTY5NTU2OGZjYjIwZDRhMmZiNDk2NmI0N2NhZTQzNTU1IiwidXNlckRhdGEiOnsic29tZUtleSI6InNvbWVWYWx1ZSJ9LCJleHBpcnlUaW1lIjoxNjUwOTcyNDE0OTgxLCJ0aW1lQ3JlYXRlZCI6MTY1MDk2ODgxNDk4MSwibG1ydCI6MTY1MDk2ODgxNDk4MX0%3D.W1u%2BRuSuK%2F8EwfXra81I1o%2BbocwGNanwg4rtGtu85CM4f0q1he2Xh723Ei83t5SeDqHy96mnRiSaetjkztH%2BBrlHBiK6NlTwzBpTID8SVr517k6ajPoTuAMoVWoXjh7%2BQB%2FraA04825UNWdO8NgLl21xIc2ODy4pKs7RCCivGsWF2k8LDggKzE8mkXeTR1aqpaFuMa6h26qkzJ1vJwyeoTATKNjzaibl%2BdADGpBDowbfKk%2Fgc7Pa9me%2B7H%2BxHRwZjG2Cr6oAXKwf6vwVTjzS%2B6ZBXW5ZLDRQyhUl0L9QmPLHArX3HiyQlC51as94FHlAVgah%2BzgG6mdfDdnQ3DHlCQ%3D%3D; Path=/; Expires=Tue, 26 Apr 2022 11:26:54 GMT; HttpOnly; SameSite=Lax set-cookie: sRefreshToken=5tDwjdwF222%2FEZGgzzCuUdVxBcvx82%2By%2FeEUqH4Vyvu%2FukrpJn9Kab1tUsfh5LhU3eZk6COeT%2FCgzzctss%2FwdneQEhovBSKVZH3TIj8TX0D%2Bl2wWshgxZwFd1fzGwRYa2mMNydm1HbjRcVOoyP3C8QY%2B3zGxdCoK9pE90ulhCRl8dOMHiuZcDke0BDyUhoIO8z0gVT9t0XepXVd2sFo15DimuZUI9lkuTs3xRIEW9FAw%2BCODObVgFuWPeGBHNYfzMA3jpgF0b81i2s6o4gNI.57ccab65e879af0381f7dc28991906597742bfa2a53ff3a936804317b0377093.V2; Path=/api/auth/session/refresh; Expires=Thu, 04 Aug 2022 10:26:54 GMT; HttpOnly; SameSite=Lax set-cookie: sIdRefreshToken=bfe1f040-7d3f-451c-86b5-b7612ac874c8; Path=/; Expires=Thu, 04 Aug 2022 10:26:54 GMT; HttpOnly; SameSite=Lax id-refresh-token: bfe1f040-7d3f-451c-86b5-b7612ac874c8;1659608814981
r

rp

04/26/2022, 10:29 AM
hmm so that seems fine
Is there any orange triangle at the end of the "set-cookie" header?
y

yzs

04/26/2022, 10:30 AM
no, cookies work fine, i checked the cookies tab in devtools too
r

rp

04/26/2022, 10:31 AM
Can you send a screenshot of the cookies tab after calling the sign in API?
y

yzs

04/26/2022, 10:32 AM
wow, funny thing, if i clear all cookies before making a signin request it all starts working
r

rp

04/26/2022, 10:32 AM
huh.....
that seems about right
y

yzs

04/26/2022, 10:33 AM
ok, that prev screenshot is when it's working
r

rp

04/26/2022, 10:33 AM
delete the sAccessToken only, then make an API call that requires session verification and see if it successfully refreshes it?
y

yzs

04/26/2022, 10:33 AM
but then this cookies only are present when it does not work
r

rp

04/26/2022, 10:34 AM
so the frontend thinks that the session deosn't exist
that can happen if you have not added the interceptors when making the call to the login API
i see that in the code you have added interceptors, but is there any other instance where you are logging in and you haven't added interceptors?
y

yzs

04/26/2022, 10:36 AM
no, i use only this axios instance
r

rp

04/26/2022, 10:36 AM
hmm
y

yzs

04/26/2022, 10:36 AM
also when everything works (when i clear the cookies before request) backend sees the session
but when it doesn't work the backend does not see the session too
r

rp

04/26/2022, 10:37 AM
so when everything works, when does it stop working?
y

yzs

04/26/2022, 10:37 AM
can you maybe tell why there are less cookies in the screenshot that i sent to you?
when i log out, and try to log back in
r

rp

04/26/2022, 10:37 AM
ahhh i see.
So when you logout, how are you doing that?
Also, in the screenshot you sent, there are less cookies cause the frontend thinks the session deosn't exist and has removed the frontend set cookies
y

yzs

04/26/2022, 10:39 AM
i call SuperTokens.signOut()
r

rp

04/26/2022, 10:39 AM
and the response headers for that?
can i see those headers?
y

yzs

04/26/2022, 10:39 AM
HTTP/1.1 200 OK X-Powered-By: Express Access-Control-Allow-Origin: http://localhost:4000 Vary: Origin Access-Control-Allow-Credentials: true Set-Cookie: sAccessToken=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax Set-Cookie: sRefreshToken=; Path=/api/auth/session/refresh; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax Set-Cookie: sIdRefreshToken=; Path=/; Expires=Thu, 01 Jan 1970 00:00:00 GMT; HttpOnly; SameSite=Lax id-refresh-token: remove Access-Control-Expose-Headers: id-refresh-token Content-Type: application/json; charset=utf-8 Content-Length: 15 ETag: W/"f-v/Y1JusChTxrQUzPtNAKycooOTA" Date: Tue, 26 Apr 2022 10:38:35 GMT Connection: keep-alive Keep-Alive: timeout=5
r

rp

04/26/2022, 10:40 AM
right. So that seems fine too.. it remvoes the cokoies as expected
but the browser still keeps the cookies.
weird..
y

yzs

04/26/2022, 10:40 AM
this is cookies after signOut()
r

rp

04/26/2022, 10:40 AM
so that's correect too then
so if you try to sign in now, it will not work?
y

yzs

04/26/2022, 10:41 AM
no
doesSessionExists() returns false, but cookies are present again
r

rp

04/26/2022, 10:42 AM
so strange..
y

yzs

04/26/2022, 10:42 AM
yes
so strange
r

rp

04/26/2022, 10:42 AM
the only explanation i have is that somehow, after sign out, the intercepor it not being applied
can you use fetch instead of api.post for the sign in call and see if this happens?
Cause if it works fro fetch, then I can be sure it's a problem with the interceptor not being applied correctly.
y

yzs

04/26/2022, 10:44 AM
ok, i'll try that now
wow, everything works just fine
r

rp

04/26/2022, 10:48 AM
yeaa. So please just check if you are adding the interceptor for sure all the time
y

yzs

04/26/2022, 10:50 AM
ok, even when searching for axios in my code i it only 4 times because i only use the instance
i guess i better use fetch for now 😅
thanks for making time to help me 🙏
r

rp

04/26/2022, 10:51 AM
that's.. really odd though.
axios should work just fine.. tons of our users use it.. hehe
y

yzs

04/26/2022, 10:52 AM
omg i think i'm dumb
baseURL : '/api'
instead of
baseURL: 'http://localhost:3000/api'
r

rp

04/26/2022, 10:53 AM
oh.. yea.. but then how come the sign in API was getting called?
y

yzs

04/26/2022, 10:53 AM
bc i was using proxy earlier
r

rp

04/26/2022, 10:53 AM
ohhh i see.
y

yzs

04/26/2022, 10:53 AM
idk lol
r

rp

04/26/2022, 10:53 AM
> bc i was using proxy earlier
y

yzs

04/26/2022, 10:54 AM
sorry for being dumb and thanks for your time 🫂
r

rp

04/26/2022, 10:54 AM
hehe.. don't worry about it. Happens to the best of us 🙂
happy to help
6 Views