Hello, under which case does the verifySession mid...
# support-questions-legacyr
rajivharlalka
03/01/2022, 2:23 PMHello, under which case does the verifySession middleware return
message: unauthorisedr
rp_st
03/01/2022, 2:28 PMIt would return that if the session tokens are missing from the request.
rp_st
03/01/2022, 2:29 PMYou can see the import path here: https://supertokens.com/docs/thirdpartyemailpassword/common-customizations/verify-session
rp_st
03/01/2022, 2:29 PMEssentially it's
import { verifySession } from "supertokens-node/recipe/session/framework/express";r
rajivharlalka
03/01/2022, 2:41 PMI was testing my api with the verify middleware using postman.
- Logged in using OTP from email and got the session token
rajivharlalka
03/01/2022, 2:42 PMThen tried accessing the route with the middleware , but gettign this error.
r
rp_st
03/01/2022, 2:42 PMHmmmm.
rp_st
03/01/2022, 2:43 PMWhat’s the domain and path of the sAccessToken?
rp_st
03/01/2022, 2:44 PMI mean is there a way to verify that postman is actually sending the cookies in the request?
r
rajivharlalka
03/01/2022, 2:46 PMI am using cookies for the time using postman , so I dont have much of an idea. Would try finding something on postman.
rajivharlalka
03/01/2022, 2:46 PMdidnt find domain in the sAccessToken , the path was '/'
r
rp_st
03/01/2022, 3:13 PMHmmm.
rp_st
03/01/2022, 3:19 PMIf you can see how to know if cookies are sent or not via postman, that can help
rp_st
03/01/2022, 3:34 PM@User did you solve this problem already?
r
rajivharlalka
03/01/2022, 3:38 PMNo, ig I am having some issues with my postman itself.
rajivharlalka
03/01/2022, 3:39 PMTrying to find a get around with it.
r
rp_st
03/01/2022, 3:39 PMHmm. Does it work on the browser? When u actually call the API via code?
r
rajivharlalka
03/01/2022, 3:40 PMDo you mean through frontned?
r
rp_st
03/01/2022, 3:40 PMYes
r
rajivharlalka
03/01/2022, 3:46 PMWe actually do not have a frontend ready
r
rp_st
03/01/2022, 3:46 PMHmm
rp_st
03/01/2022, 3:46 PMFree for a quick debug call now?
rp_st
03/01/2022, 3:51 PMoh right! I think i know. The cookie has secure attribute. And you are querying http not https. So the cookies don't get sent
rp_st
03/01/2022, 3:52 PMWhat is the value of apiDomain on the backend? Is it
https://...http://...r
rajivharlalka
03/01/2022, 4:35 PMSorry got offline that time. The api currently is in localhost so yes it is http .
r
rp_st
03/01/2022, 4:35 PMIs the apiDomian https?
rp_st
03/01/2022, 4:36 PMIn the appInfo config
r
rajivharlalka
03/01/2022, 4:37 PMHad set that to the possible domain we gonna use soon i.e. https://griffin.com
r
rp_st
03/01/2022, 4:37 PMI see. So while your testing it on localhost, it needs to be set to that
rp_st
03/01/2022, 4:38 PMOtherwise cookies don’t work properly
r
rajivharlalka
03/01/2022, 4:38 PMJust a sec trying with that
rajivharlalka
03/01/2022, 4:39 PMYes it worked.
rajivharlalka
03/01/2022, 4:40 PMThanks a lot. Can you explain why was that happening exactly
rajivharlalka
03/01/2022, 4:40 PMHow was that apiDomain responsible for setting cookies on Postman
r
rp_st
03/01/2022, 4:41 PMThe apiDomain you had set had https in it. So the cookies then have a secure attribute to them. This means that postman would send those cookies only if you query https. But you were querying http, so that’s why it didn’t work
r
rajivharlalka
03/01/2022, 4:48 PMOkk, this makes sense. Thanks a lot again 😄✌️
9 Views