https://supertokens.com/
Join Discord
Hello, under which case does the verifySession middleware return `message: unauthorised` also what i...
# support-questions-legacy
r
Hello, under which case does the verifySession middleware return 
message: unauthorised
also what is the path of the function in the sdk.Tried to find but couldnt exactly locate it.
r
It would return that if the session tokens are missing from the request.
Essentially it's 
import { verifySession } from "supertokens-node/recipe/session/framework/express";
r
I was testing my api with the verify middleware using postman. - Logged in using OTP from email and got the session token
Then tried accessing the route with the middleware , but gettign this error.
r
Hmmmm.
What’s the domain and path of the sAccessToken?
I mean is there a way to verify that postman is actually sending the cookies in the request?
r
I am using cookies for the time using postman , so I dont have much of an idea. Would try finding something on postman.
didnt find domain in the sAccessToken , the path was '/'
r
Hmmm.
If you can see how to know if cookies are sent or not via postman, that can help
@User did you solve this problem already?
r
No, ig I am having some issues with my postman itself.
Trying to find a get around with it.
r
Hmm. Does it work on the browser? When u actually call the API via code?
r
Do you mean through frontned?
r
Yes
r
We actually do not have a frontend ready
r
Hmm
Free for a quick debug call now?
oh right! I think i know. The cookie has secure attribute. And you are querying http not https. So the cookies don't get sent
What is the value of apiDomain on the backend? Is it 
https://...
? or 
http://...
r
Sorry got offline that time. The api currently is in localhost so yes it is http .
r
Is the apiDomian https?
In the appInfo config
r
Had set that to the possible domain we gonna use soon i.e. https://griffin.com
r
I see. So while your testing it on localhost, it needs to be set to that
Otherwise cookies don’t work properly
r
Just a sec trying with that
Yes it worked.
Thanks a lot. Can you explain why was that happening exactly
How was that apiDomain responsible for setting cookies on Postman
r
The apiDomain you had set had https in it. So the cookies then have a secure attribute to them. This means that postman would send those cookies only if you query https. But you were querying http, so that’s why it didn’t work
r
Okk, this makes sense. Thanks a lot again 😄✌️
8 Views
PreviousNext
Powered by

SuperTokens.com

SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

Powered by