Hey there I resumed my work today implementing the session r

Question

Hey there I resumed my work today implementing the session recipe and I m basing it on this https app swaggerhub com apis supertokens FDI 1 13 1 What is rid supposed to be here the recipe id

rp · Answer

hey < Diegovsky>

Diegovsky · Answer

hello

rp · Answer

on the backend SDK the user can initialise several recipes

rp · Answer

And those recipes may have APIs exposed on the same path and method

rp · Answer

the `rid` header helps the SDK know which recipe the request is for

Diegovsky · Answer

yes my question was whether `rid` stood for session id

rp · Answer

no It s not the same as session ID

Diegovsky · Answer

oh sorry I meant recipe id

rp · Answer

ah right yea missed that in your question

rp · Answer

it is the recipe id indeed

rp · Answer

there is one special case though > when the user is querying their own API the `rid` s value is set to `anti csrf` by our frontend SDK

rp · Answer

that s not a recipe But it s a way to protect against CSRF attacks

Diegovsky · Answer

btw the site says the `signout` does not need any cookies to work is that right

Diegovsky · Answer

ah I see

rp · Answer

https cheatsheetseries owasp org cheatsheets Cross Site Request Forgery Prevention Cheat Sheet html use of custom request headers

Diegovsky · Answer

it s a very complex and modular api

rp · Answer

> btw the site says the signout does not need any cookies to work is that right Huh it does need cookies Where did you read that

Diegovsky · Answer

https app swaggerhub com apis supertokens FDI 1 13 1 Session 20Recipe signout

Diegovsky · Answer

here specifically

rp · Answer

oh right yea that s missing It does need cookies to work

rp · Answer

thanks for pointing that out

Diegovsky · Answer

np

rp · Answer

it needs the `sIdRefreshToken` and `sAccessToken`

Diegovsky · Answer

thanks was about to ask