Hey @yzs

Can you enable debug logging in the backend SDK and show the output when you make the signin api call?

i think this is what you asked for @rp

Which version of the python SDK are you using?

and supertokens-node@9.2.0

here are the logs you asked @rp

one more thing - everything seemed to work for a couple of times after i restart my laptop, maybe it's some kind of security thing for too many refresh attempts?

whats the response headers from the sign in API?

Can I see a sreenshot of it?

the headers

response headers HTTP/1.1 200 OK access-control-allow-origin: http://localhost:4000 x-powered-by: Express vary: Origin access-control-allow-credentials: true front-token: eyJ1aWQiOiJkZTc3MGZmNy00NTI0LTQxMDgtOTk0Zi03MTdjMWQxMmJlYzQiLCJhdGUiOjE2NTA5NzI0MTQ5ODEsInVwIjp7InNvbWVLZXkiOiJzb21lVmFsdWUifX0= access-control-expose-headers: front-token, id-refresh-token set-cookie: sAccessToken=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCIsInZlcnNpb24iOiIyIn0%3D.eyJzZXNzaW9uSGFuZGxlIjoiOGE4Yjc1MjktZDlhMi00ZTVmLTk2ZjYtNWQyMjk3MTI1ZDU2IiwidXNlcklkIjoiZGU3NzBmZjctNDUyNC00MTA4LTk5NGYtNzE3YzFkMTJiZWM0IiwicmVmcmVzaFRva2VuSGFzaDEiOiI2MzJkZjJkNTZhNDYwZjVhNDc1ZDEwZmNiMDRjYmY5OTY5NTU2OGZjYjIwZDRhMmZiNDk2NmI0N2NhZTQzNTU1IiwidXNlckRhdGEiOnsic29tZUtleSI6InNvbWVWYWx1ZSJ9LCJleHBpcnlUaW1lIjoxNjUwOTcyNDE0OTgxLCJ0aW1lQ3JlYXRlZCI6MTY1MDk2ODgxNDk4MSwibG1ydCI6MTY1MDk2ODgxNDk4MX0%3D.W1u%2BRuSuK%2F8EwfXra81I1o%2BbocwGNanwg4rtGtu85CM4f0q1he2Xh723Ei83t5SeDqHy96mnRiSaetjkztH%2BBrlHBiK6NlTwzBpTID8SVr517k6ajPoTuAMoVWoXjh7%2BQB%2FraA04825UNWdO8NgLl21xIc2ODy4pKs7RCCivGsWF2k8LDggKzE8mkXeTR1aqpaFuMa6h26qkzJ1vJwyeoTATKNjzaibl%2BdADGpBDowbfKk%2Fgc7Pa9me%2B7H%2BxHRwZjG2Cr6oAXKwf6vwVTjzS%2B6ZBXW5ZLDRQyhUl0L9QmPLHArX3HiyQlC51as94FHlAVgah%2BzgG6mdfDdnQ3DHlCQ%3D%3D; Path=/; Expires=Tue, 26 Apr 2022 11:26:54 GMT; HttpOnly; SameSite=Lax set-cookie: sRefreshToken=5tDwjdwF222%2FEZGgzzCuUdVxBcvx82%2By%2FeEUqH4Vyvu%2FukrpJn9Kab1tUsfh5LhU3eZk6COeT%2FCgzzctss%2FwdneQEhovBSKVZH3TIj8TX0D%2Bl2wWshgxZwFd1fzGwRYa2mMNydm1HbjRcVOoyP3C8QY%2B3zGxdCoK9pE90ulhCRl8dOMHiuZcDke0BDyUhoIO8z0gVT9t0XepXVd2sFo15DimuZUI9lkuTs3xRIEW9FAw%2BCODObVgFuWPeGBHNYfzMA3jpgF0b81i2s6o4gNI.57ccab65e879af0381f7dc28991906597742bfa2a53ff3a936804317b0377093.V2; Path=/api/auth/session/refresh; Expires=Thu, 04 Aug 2022 10:26:54 GMT; HttpOnly; SameSite=Lax set-cookie: sIdRefreshToken=bfe1f040-7d3f-451c-86b5-b7612ac874c8; Path=/; Expires=Thu, 04 Aug 2022 10:26:54 GMT; HttpOnly; SameSite=Lax id-refresh-token: bfe1f040-7d3f-451c-86b5-b7612ac874c8;1659608814981

Is there any orange triangle at the end of the "set-cookie" header?

that seems about right

that can happen if you have not added the interceptors when making the call to the login API

i see that in the code you have added interceptors, but is there any other instance where you are logging in and you haven't added interceptors?

but when it doesn't work the backend does not see the session too

when i log out, and try to log back in

So when you logout, how are you doing that?

Also, in the screenshot you sent, there are less cookies cause the frontend thinks the session deosn't exist and has removed the frontend set cookies

which calls http://localhost:3000/api/auth/signout as i can see

can i see those headers?

but the browser still keeps the cookies.

weird..

so if you try to sign in now, it will not work?

doesSessionExists() returns false, but cookies are present again

so strange

can you use fetch instead of api.post for the sign in call and see if this happens?

Cause if it works fro fetch, then I can be sure it's a problem with the interceptor not being applied correctly.

wow, everything works just fine

i guess i better use fetch for now 😅

thanks for making time to help me 🙏

axios should work just fine.. tons of our users use it.. hehe

baseURL : '/api'

instead of

baseURL: 'http://localhost:3000/api'

happy to help