done it, still able to log in, but later getting 403s

We don't return 403s. Can I see the error you are seeing?

That's why I am thinking that it might be a thing in my codebase 😄 It's just 403 - Forbidden after redirection, might it be an issue with redirecting after sing up?

It's probably your web server config.. nothing to do with supertokens

It's an issue with 'auto logging in' after signup, just don't know where to look after it, as I see nothing that could be linked

When you call the sign up / in API, it does create a new session.

Signup is returning 200, then it's being redirected to let's say 'home', and it's returning 403 - forbidden, but I want it to make Signup -> Send Email Verification [Blocked log in] -> Verify -> Log in. Looking at DB emails are not confirmed, but yet I am still automatically logging in after sign up. I am just not sure where that 'automatically logging in' feature might be hidden, looking at overrides of EmailPassword - nothing, that's why I am asking if it might be override in Session 🙂

Which backend SDK are you using? I can point you to the code in the SDK that does that

EmailPassword NodeJS

Sign in API logic: https://github.com/supertokens/supertokens-node/blob/master/lib/ts/recipe/emailpassword/api/implementation.ts#L104 Sign up API logic: https://github.com/supertokens/supertokens-node/blob/master/lib/ts/recipe/emailpassword/api/implementation.ts#L137 If you see, in those functions, there is a call to

createNewSession

which makes a session. Now on the frontend, if you are using

EmailPasswordAuth

wrappers around your protected route, it makes sure that those protected routes are only shown if the user's email is verified. This has nothing to do with a session existing or not - you want a session anyway 🙂

Okay! Thanks 🙂 Got a clue now ^_^

Yes. This one: https://github.com/supertokens/supertokens-auth-react/tree/master/examples/with-emailpassword

Yup it works, gotta search where the issue is then, as supertokens wise, everything looks fine