https://supertokens.com/ logo
#support-questions
Title
# support-questions
r

rajivharlalka

03/01/2022, 2:23 PM
Hello, under which case does the verifySession middleware return
message: unauthorised
also what is the path of the function in the sdk.Tried to find but couldnt exactly locate it.
r

rp

03/01/2022, 2:28 PM
It would return that if the session tokens are missing from the request.
Essentially it's
import { verifySession } from "supertokens-node/recipe/session/framework/express";
r

rajivharlalka

03/01/2022, 2:41 PM
I was testing my api with the verify middleware using postman. - Logged in using OTP from email and got the session token
Then tried accessing the route with the middleware , but gettign this error.
r

rp

03/01/2022, 2:42 PM
Hmmmm.
What’s the domain and path of the sAccessToken?
I mean is there a way to verify that postman is actually sending the cookies in the request?
r

rajivharlalka

03/01/2022, 2:46 PM
I am using cookies for the time using postman , so I dont have much of an idea. Would try finding something on postman.
didnt find domain in the sAccessToken , the path was '/'
r

rp

03/01/2022, 3:13 PM
Hmmm.
If you can see how to know if cookies are sent or not via postman, that can help
@User did you solve this problem already?
r

rajivharlalka

03/01/2022, 3:38 PM
No, ig I am having some issues with my postman itself.
Trying to find a get around with it.
r

rp

03/01/2022, 3:39 PM
Hmm. Does it work on the browser? When u actually call the API via code?
r

rajivharlalka

03/01/2022, 3:40 PM
Do you mean through frontned?
r

rp

03/01/2022, 3:40 PM
Yes
r

rajivharlalka

03/01/2022, 3:46 PM
We actually do not have a frontend ready
r

rp

03/01/2022, 3:46 PM
Hmm
Free for a quick debug call now?
oh right! I think i know. The cookie has secure attribute. And you are querying http not https. So the cookies don't get sent
What is the value of apiDomain on the backend? Is it
https://...
? or
http://...
r

rajivharlalka

03/01/2022, 4:35 PM
Sorry got offline that time. The api currently is in localhost so yes it is http .
r

rp

03/01/2022, 4:35 PM
Is the apiDomian https?
In the appInfo config
r

rajivharlalka

03/01/2022, 4:37 PM
Had set that to the possible domain we gonna use soon i.e. https://griffin.com
r

rp

03/01/2022, 4:37 PM
I see. So while your testing it on localhost, it needs to be set to that
Otherwise cookies don’t work properly
r

rajivharlalka

03/01/2022, 4:38 PM
Just a sec trying with that
Yes it worked.
Thanks a lot. Can you explain why was that happening exactly
How was that apiDomain responsible for setting cookies on Postman
r

rp

03/01/2022, 4:41 PM
The apiDomain you had set had https in it. So the cookies then have a secure attribute to them. This means that postman would send those cookies only if you query https. But you were querying http, so that’s why it didn’t work
r

rajivharlalka

03/01/2022, 4:48 PM
Okk, this makes sense. Thanks a lot again 😄✌️
3 Views