https://supertokens.com/ logo
n

nadilas

05/22/2022, 2:29 PM
Hey guys, did the implementation of sessionRequired change in supertokens-node@9.2.0? Even though I had set it to false it now throws a 401 Unauthorized for public routes
return await verifySession({sessionRequired: false})(ctx.req as any, ctx.res as any, next)
r

rp

05/22/2022, 2:31 PM
Huh.. that’s weird. Nothing has changed regarding this
Have you tried a previous version and that worked?
n

nadilas

05/22/2022, 2:33 PM
Mhm, good point, not yet. It was working up until the today.
r

rp

05/22/2022, 2:33 PM
Can you enable debug logs and show me the output?
n

nadilas

05/22/2022, 2:33 PM
I'll try downgrading one minor. It's not a blocking point, I just moved the middleware logic one layer down to my protected routes, now it can actually check with sessionRequired: true, but still I thought it was weird
Sure, let me move things back
How do you enable debug logs again? 😄
r

rp

05/22/2022, 2:34 PM
Add env var like DEBUG=com.supertokens node index.js
n

nadilas

05/22/2022, 2:36 PM
One sec
So your explanation tells me, even though a session is not required per my parameter, having an expired access_token present in the call causes the verification to fail
?
r

rp

05/22/2022, 2:44 PM
Yes. Cause technically, the session does exist. The user is still logged in
n

nadilas

05/22/2022, 2:45 PM
Oooooh
So if I clean the cookies, the public route will work again having no expired token and no active session
?
It was a hypothetical question, it of course means that 😄 and it does work
r

rp

05/22/2022, 2:46 PM
Their refresh token is still valid.
So it just needs session refreshing
Yup. If you clear just the sIdRefresh cookie, it will not return a 401
n

nadilas

05/22/2022, 2:47 PM
I was supposed to be after a logout, but on local dev, I probably messed up the states or restarts and got stuck
r

rp

05/22/2022, 2:48 PM
Yeaaaa. That’s possible
n

nadilas

05/22/2022, 2:48 PM
I guarded the app with
sessionRecipe.doesSessionExist()
which was false so I was routed to the login page and that's when the error occured
is there a helper method (or maybe signout?) I can call for easy cleanup of the cookies if
sessionRecipe.doesSessionExist()
returns false?
r

rp

05/22/2022, 2:49 PM
I see. Yea. State is messed up.
Well. The state you somehow reached shouldn’t be possible unless manually cookies are cleared incorrectly.
So there isn’t such a helper
n

nadilas

05/22/2022, 2:51 PM
Right, if this state cannot happen on prod then I'm fine, I know now how to get out of it
thanks 👍
r

rp

05/22/2022, 3:06 PM
👍