Hey, usually the signOut flow just simply worked. ...
# support-questions
Hey, usually the signOut flow just simply worked. I called two supertokens function at the frontend side (Next.js)
Copy code
await EmailPasswordReact.signOut();
await EmailPasswordReact.redirectToAuth({ show: "signin" });
And it cleared all my cookies and redirected to the login page. It was pretty much it, but i noticed, that after i added a change password functionality to my site and after i successfully changed my password the EmailPasswordReact.signOut function call didn't cleared my cookies. I had to delete them manually then after a relogging, it worked just as before. I checked my backend(Nest.js) code and it seems fine
Copy code
  async changePassword(
    @Session() session: SessionContainer,
    @Body() changePasswordDto: ChangePasswordDto,
    @Res() res: Response
  ) {
    const { currentPassword, newPassword } = changePasswordDto;

    const userId = session.getUserId();
    const userInfo = await EmailPasswordNode.getUserById(userId);

    if (userInfo === undefined) {
      throw new Error("Should never come here");

    const isPasswordValid = await EmailPasswordNode.signIn(userInfo.email, currentPassword);

    if (isPasswordValid.status !== "OK") {
      throw new BadRequestException("Hibás jelenlegi jelszó");

    const response = await EmailPasswordNode.updateEmailOrPassword({
      password: newPassword
    }).catch((error) => {
      throw new InternalServerErrorException("Váratlan hiba");

    if (response.status !== "OK") {
      throw new InternalServerErrorException("Váratlan hiba");

    await SupertokensSession.revokeAllSessionsForUser(userId);
    await session.revokeSession();

    return res.status(401);
Do you guys have any idea what i did wrong ? Thanks for the answers in advance 🙂
Can you enable debug logging and then call the signOut API and show the logs?
Also, I noticed that you send a 401 on successful password reset above. This means it will trigger the refresh API after the change-password API is called. Is the refresh API being called?
And since you revoke the session, the refresh API should fail and the user should be logged out immediately
You should send back a 200 status code from your API and see if that makes a diff
I got solve the problem. And yeah you have right, i don't need the
await EmailPasswordReact.signOut();
and the
await EmailPasswordReact.redirectToAuth({ show: "signin" });
because like you said i only need a 401 unauthorized response back from my backend. The problem was in Nestjs the
return res.status(401);
didn't work so i replaced it to
throw new UnauthorizedException();
and it worked perfectly. I wanna say thanks to your thoughts. It really helped me find out what was wrong 🙂
I have one more question relation to this. When the browser got the 401 unauthorized response i will be redirected to the login screen. In the url i see
because i was in profile page. Can i change this somehow, because after password change i login back and got redirected back to the
page but i would like to go
Yea. You can run JS on the page to reload the page without that query param
The other way is that when you use the auth wrapper, you can set requireAuth: false, and then it won’t redirect automatically. You will then need to redirect yourself
And when you redirect yourself, you can do so without the redirectToPath query param
Cool, thanks 🙂