https://supertokens.com/ logo
Join Discord
Powered by
After fixing the cors issue, now the session doesn...
# support-questions-legacy
c
After fixing the cors issue, now the session doesnt last for long (maybe 30 minutes) on the second front-end. Its as if the access token doesnt refresh automatically. Anything special I need to do?
r
Hey! Can you enable frontend logs and show us the output of any API call that requires session verificaiton?
c
r
what are the request headers?
c
These are the logs
message
This happens 1 hour after login, just like the access token expiry
If I refresh I am correctly redirected to login and dont get the error
So its a bit hard to replicate, I couldnt see the heads because I didnt have the dev tools open
r
Can i see the backend logs for when the refresh API is called/
You can trigger it quickly by signing in, deleting the sAccessToken cookie from the cookie storage, and then clicking on some button that calls an API that does session verification
And also can you send a screenshot of the login response headers? I want to see the Set-Cookies header values (the whole value including the expiry etc..)
c
Sent you a PM with the screenshot, testing with backedn logs now also
I dont have an 
sAccessToken
on either front-end. Only 
sFrontToken
.
Backend logs after deleting 
sFrontToken
message
I have 
sAccessToken
on my signin frontend if I clear cookies. The domain is set to staging-auth.myDomain.com. If I refresh it disappears
r
Right. So the issue is that the cookies are not being sent to the refresh API call, and so the refresh API returns a 401, logging out the user.
What is the website URL and what is the API URL? (You can DM me if you like to keep that private)
c
DMed
Thanks its fixed with cookieSameSite: 'none'
On prod what should I set this to?
r
on prod, you should set it to "lax"
3 Views
PreviousNext
Powered by