Hi, got a little issue with our Android app on react native for a few days. it can log in and get an access token but when refreshing it logs us out this is what we changed before it started to happen : - "supertokens-node": "^8.5.0", + "supertokens-node": "^9.2.3", in the same deployment, we also set the cookieDomain to a wildcard to allow subdomains the weird thing is ios is fine

Hey

"supertokens-react-native": "3.0.7",

Out of curiosity, does it still work for Android if you dont use the wildcard? Just to rule it out

we're testing it now

Yep that should work just fine

ok I think we nailed down something interesting here: on staging.poppy.red => refreshing works on android with a cookiedomain set to ".poppy.red" but on poppy.red => refreshing will not work

That is strange

instead we will reissue a set-cookie from the other domain if we submit it a valid JWT

Ah right you would have to do it manually (this depends on what framework you are using on your backend)

0.66.3

Its supposed to work for both subdomains and the domain itself, android has had issues with cookie logic being different that could be the reason

what I'm planning to do is open a webview from react-native and transfer its authentication there. that webview lives on a subdomain. Even if it was in the same domain it does inherit a session cookie from the app so the workaround is : pass the JWT to the webview. Make the webview post the JWT to an endpoint, verify the JWT and then issue a new Session Cookie for that subdomain.

Ah, so that endpoint that gets sent the JWT would call

createNewSession

(explained here: https://supertokens.com/docs/session/common-customizations/sessions/new-session)

yeah

So then you could also override the createNewSession function (https://supertokens.com/docs/session/advanced-customizations/backend-functions-override/usage) and then simply do something custom for that specific user id