ITEnthusiasm
07/05/2022, 5:31 PM
/{apiBasePath}/session/refresh (/auth/session/refresh by default). The reason for this is that the refresh token cookie is restricted to be sent to only that exact path (for security reasons).
I was curious to know how this helps security, and how SuperTokens enforces this. I noticed that my Remix trick indeed fails to work unless I have the user visit /auth/session/refresh from the browser.
rp
07/05/2022, 6:02 PM
ITEnthusiasm
07/05/2022, 6:03 PM