Hi, got a little issue with our Android app on re...
# general
t
Hi, got a little issue with our Android app on react native for a few days. it can log in and get an access token but when refreshing it logs us out this is what we changed before it started to happen : - "supertokens-node": "^8.5.0", + "supertokens-node": "^9.2.3", in the same deployment, we also set the cookieDomain to a wildcard to allow subdomains the weird thing is ios is fine
n
Hey
What version of the react-native SDK are you using?
t
"supertokens-react-native": "3.0.7",
n
Out of curiosity, does it still work for Android if you dont use the wildcard? Just to rule it out
t
we're testing it now
by the way for testing convenience is it safe to set an access token validity of 60 secs ?
it's not going to invalidate an access token that was normally valid for one hour after 60sec?
n
Yep that should work just fine
t
ok I think we nailed down something interesting here: on staging.poppy.red => refreshing works on android with a cookiedomain set to ".poppy.red" but on poppy.red => refreshing will not work
ios works in all cases
we gave up on setting up that cookieDomain. to be safe we're redeploying without it
n
That is strange
t
instead we will reissue a set-cookie from the other domain if we submit it a valid JWT
I can't find it in the doc anymore but how can we create a new session and do a set-cookie on a custom endpoint and not with a framework middleware?
n
Ah right you would have to do it manually (this depends on what framework you are using on your backend)
What version of react native are you using?
t
0.66.3
maybe we misunderstood the cookieDomain use, is a cookieDomain set to
.poppy.red
supposed to work for both
example.poppy.red
and
poppy.red
or only for the subdomain
example.poppy.red
?
web framework is fastify
how can I issue a new session for a specific user?
n
Its supposed to work for both subdomains and the domain itself, android has had issues with cookie logic being different that could be the reason
What do you mean for a specific user?
What I mean is, does that specific user need to perform some action or do you just want to create a session for them on your backend directly
t
what I'm planning to do is open a webview from react-native and transfer its authentication there. that webview lives on a subdomain. Even if it was in the same domain it does inherit a session cookie from the app so the workaround is : pass the JWT to the webview. Make the webview post the JWT to an endpoint, verify the JWT and then issue a new Session Cookie for that subdomain.
n
Ah, so that endpoint that gets sent the JWT would call
createNewSession
(explained here: https://supertokens.com/docs/session/common-customizations/sessions/new-session)
I assume you have some identifier for the user and you want to do something custom when creating a session for that specific user?
t
yeah
awesome
n
So then you could also override the createNewSession function (https://supertokens.com/docs/session/advanced-customizations/backend-functions-override/usage) and then simply do something custom for that specific user id
14 Views