I hope it isn t a bother but I was hoping to learn more abou

Question

I hope it isn t a bother but I was hoping to learn more about this piece comment from GitHub > The only issue with the steps you mentioned is that the page the user needs to be redirected to must have have the same path as the refresh token API that is provided by us That path is = ` apiBasePath session refresh` ` auth session refresh` by default The reason for this is that the refresh token cookie is restricted to be sent to only that exact path for security reasons I was curious to know how this helps security and how SuperTokens enforces this I noticed that my Remix trick indeed fails to work unless I have the user visit ` auth session refresh` from the browser

rp · Answer

This is enforced via the cookie s path config It s a config that tells the browser which path to send the cookie on

rp · Answer

And it increases security by limiting the network exposure of the refresh token

ITEnthusiasm · Answer

Ah okay That makes sense Thanks