Hey guys did the implementation of sessionRequired change in SuperTokens.com #support-questions-legacy

Hey guys, did the implementation of sessionRequire...

nadilas

05/22/2022, 2:29 PM

Hey guys, did the implementation of sessionRequired change in supertokens-node@9.2.0? Even though I had set it to false it now throws a 401 Unauthorized for public routes

return await verifySession({sessionRequired: false})(ctx.req as any, ctx.res as any, next)

rp_st

05/22/2022, 2:31 PM

Huh.. that’s weird. Nothing has changed regarding this

rp_st

05/22/2022, 2:31 PM

Have you tried a previous version and that worked?

nadilas

05/22/2022, 2:33 PM

Mhm, good point, not yet. It was working up until the today.

rp_st

05/22/2022, 2:33 PM

Can you enable debug logs and show me the output?

nadilas

05/22/2022, 2:33 PM

I'll try downgrading one minor. It's not a blocking point, I just moved the middleware logic one layer down to my protected routes, now it can actually check with sessionRequired: true, but still I thought it was weird

nadilas

05/22/2022, 2:34 PM

Sure, let me move things back

nadilas

05/22/2022, 2:34 PM

How do you enable debug logs again? 😄

rp_st

05/22/2022, 2:34 PM

Add env var like DEBUG=com.supertokens node index.js

nadilas

05/22/2022, 2:36 PM

One sec

nadilas

05/22/2022, 2:44 PM

So your explanation tells me, even though a session is not required per my parameter, having an expired access_token present in the call causes the verification to fail

nadilas

05/22/2022, 2:44 PM

rp_st

05/22/2022, 2:44 PM

Yes. Cause technically, the session does exist. The user is still logged in

nadilas

05/22/2022, 2:45 PM

Oooooh

nadilas

05/22/2022, 2:45 PM

So if I clean the cookies, the public route will work again having no expired token and no active session

nadilas

05/22/2022, 2:45 PM

nadilas

05/22/2022, 2:45 PM

It was a hypothetical question, it of course means that 😄 and it does work

rp_st

05/22/2022, 2:46 PM

Their refresh token is still valid.

rp_st

05/22/2022, 2:46 PM

So it just needs session refreshing

rp_st

05/22/2022, 2:46 PM

Yup. If you clear just the sIdRefresh cookie, it will not return a 401

nadilas

05/22/2022, 2:47 PM

I was supposed to be after a logout, but on local dev, I probably messed up the states or restarts and got stuck

rp_st

05/22/2022, 2:48 PM

Yeaaaa. That’s possible

nadilas

05/22/2022, 2:48 PM

I guarded the app with

sessionRecipe.doesSessionExist()

which was false so I was routed to the login page and that's when the error occured

nadilas

05/22/2022, 2:49 PM

is there a helper method (or maybe signout?) I can call for easy cleanup of the cookies if

sessionRecipe.doesSessionExist()

returns false?

rp_st

05/22/2022, 2:49 PM

I see. Yea. State is messed up.

rp_st

05/22/2022, 2:49 PM

Well. The state you somehow reached shouldn’t be possible unless manually cookies are cleared incorrectly.

rp_st

05/22/2022, 2:50 PM

So there isn’t such a helper

nadilas

05/22/2022, 2:51 PM

Right, if this state cannot happen on prod then I'm fine, I know now how to get out of it

nadilas

05/22/2022, 2:51 PM

thanks 👍

rp_st

05/22/2022, 3:06 PM

👍

Previous Next