# support-questions
c
Hello, I'm not sure if I'm doing something wrong or if it's maybe a bug. I'm using Next.js. If I call my API that revokes all sessions for the current user (`await Session.revokeAllSessionsForUser(userId);`), I can still use the frontend and make other API calls. The frontend is protected with SessionAuth and the API with superTokensNextWrapper/verifySession. ACCESS_TOKEN_BLACKLISTING is enabled. Why can I still use the frontend after revoking all sessions? I want to log out all devices of the user.
r
hey @ctrick
how have you enabled ACCESS_TOKEN_BLACKLISTING?
c
Hey @rp
I added ACCESS_TOKEN_BLACKLISTING to the env in my docker compose file:

```yaml
supertokens:
  image: registry.supertokens.io/supertokens/supertokens-postgresql
  depends_on:
    - db
  ports:
    - 3567:3567
  environment:
    POSTGRESQL_CONNECTION_URI: "postgresql://supertokens_user:somePassword@db:5432/supertokens"
    ACCESS_TOKEN_BLACKLISTING: "true"
```

I checked the config.yaml inside the Docker container. ACCESS_TOKEN_BLACKLISTING is set to true.
r
hmm. Can you call the handshake API (https://app.swaggerhub.com/apis/supertokens/CDI/2.16.2#/Session%20Recipe/sessionHandshake) on the core instance and show me the result from it?
c
{"data":{"status":"OK","jwtSigningPublicKey":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr00Y6Hvltt4vdpwuvpwZjzD4S4/xffXWQaKDZn0vbvo6ZNEcwbA1clsW2FHAP+rVSfMkJWQwLTawdU012cDunGFy276b60fCl9Qa2dl0wXNb5TB/sxYuJZEOkr8lZy79seXoIyjssIHAMZYXvNW7wOSPcCTK9ovPsMbT8V/PSbkAwiVC+5gwahnwaKxY3Fq0zmWCc7qB3xu/V2PXdWWjNp3sb8lzx0vVsA94wWVPflK7wSMBl8E7oZ5i+I/vNS6f0lb69m9kQNae44tbZ6Qy4xfGrEHSAU5sayvjkAI/RzwoMDXu6Y1cryFuCAZKqVAceVexLwU4YX+Db6IzjKWqPQIDAQAB","jwtSigningPublicKeyExpiryTime":1667424951986,"jwtSigningPublicKeyList":[{"publicKey":"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr00Y6Hvltt4vdpwuvpwZjzD4S4/xffXWQaKDZn0vbvo6ZNEcwbA1clsW2FHAP+rVSfMkJWQwLTawdU012cDunGFy276b60fCl9Qa2dl0wXNb5TB/sxYuJZEOkr8lZy79seXoIyjssIHAMZYXvNW7wOSPcCTK9ovPsMbT8V/PSbkAwiVC+5gwahnwaKxY3Fq0zmWCc7qB3xu/V2PXdWWjNp3sb8lzx0vVsA94wWVPflK7wSMBl8E7oZ5i+I/vNS6f0lb69m9kQNae44tbZ6Qy4xfGrEHSAU5sayvjkAI/RzwoMDXu6Y1cryFuCAZKqVAceVexLwU4YX+Db6IzjKWqPQIDAQAB","expiryTime":1667432151986,"createdAt":1666820151986}],"accessTokenBlacklistingEnabled":true,"accessTokenValidity":3600000,"refreshTokenValidity":8640000000}}
r
hmm. So the `accessTokenBlacklistingEnabled` is `true`
when you call revoke session for user, do the sessions get cleared in the db?
c
I never checked in the db of supertokens
r
maybe you should.
and make sure that the userId you are passing to that function is correct.
c
What I can tell: I get an empty array from `Session.getAllSessionHandlesForUser(userId);` after using `Session.revokeAllSessionsForUser(userId);`
r
hmm. And before calling `revokeAllSessionsForUser`, if you call `getAllSessionHandlesForUser`, it wasn't an empty array?
c
I'll try to explain it in a bit more detail. I sign in twice with the same user in my browser: 1 sign-in NOT in private mode and 1 sign-in in Chrome's private mode. Then with 1 user I call my /api/revoke-all-sessions. This API endpoint does an `await Session.revokeAllSessionsForUser(userId);`
yes
r
I see.
Can you open an issue about this on our GitHub? We will have a look at it asap
oh and one thing to make sure is that you have to restart the next app after making the config change - did you do that?
c
Yes, I cancelled my app and restarted it with yarn dev
r
hmm ok
If you could just please open a GitHub issue about this, it would be great
c
That's my API. On the first request I get my session handles, and on the second they are empty
but I still have a session
Yes! 🙂 I just wanted to be sure before opening a GitHub issue. I don't want to get insulted 😄
r
oh don't worry about it. Worst case, if it's not a bug, the issue will just be closed 🙂
c
Maybe I should test with the hosted core system?
Possibly a Docker bug?
On which repo should I open the issue?
r
it's not a docker bug for sure
you can open an issue in the supertokens-node repo
c
I tested with the hosted version. Now it works 😄
r
hmm. That's very strange
cause the hosted version uses the same docker image as the self hosted one