Hi guys, I changed my supertoken cookies (e.g. sFr...
# support-questions-legacy
d
Hi guys, I changed my supertoken cookies (e.g. sFrontToken) to see how supertokens deals with it :-). I now get a "Failed to execute 'atob' on 'Window'" exception, which is fine as the token is for sure corrupt. How can I programmatically resolve this situation? Calling e.g. Session.signOut() isn't possible, as it will also throw the "Failed to execute 'atob' on 'Window'" exception. Any clue? Maybe I'm missing some callable function within the frontend which can force the deletion of all supertoken cookies. Thanks!
n
Hi, if this is on the web, you could delete the cookies from the application tab in the dev tools. This will log you out.
d
Yeah I know. But it would be great to have a method to call provided by e.g. "supertokens-web-js" package which knows which cookies should be deleted.
n
Hmm fair, in the meantime you could delete just the sFrontToken and IRTFrontToken.
On reload it should fetch new ones.
And you can create an issue to add a deleteFrontToken or similar function which could handle this for you. I'm not sure how valuable this would be, but I suppose for testing purposes it could be useful.
d
I got it. But when I wanna do it programmatically at the frontend side, like when Session.doesSessionExist() throws an exception, it would be good to have a method which can delete all known supertoken cookies!?
n
Yep, unfortunately the frontend relies on the backend SDKs to decide when cookies should be removed (since some of them are httponly cookies). In this case, since the token is malformed, signOut also ends up throwing an error instead of clearing cookies. You could try creating an API on the backend which calls revokeSession and see if that helps? In the meantime we will evaluate adding a helper for this.
d
Thanks a lot! I'll check the revokeSession approach!
n
Happy to help
d
FYI: the revokeSession approach doesn't work out of the box, as the session is "only" revoked at the backend side. Sending cookie information like
res.cookie('sFrontToken', '', { maxAge: 0});
is working, but then you have to still know the names of the cookies to destroy. So it would be super useful to have a helper for this! 1000 Upvotes for the helper 🙂
n
Alright we’ll discuss it and see if we can add it
r
Hey @DanielAtStruggly, revokeSession on the backend would also clear the cookies on the frontend (sFrontToken etc.). That’s how the sign out API works.
If that’s not happening, can I see the response headers from the API that calls revokeSession?
Also, you have to call req.session.revokeSession on the backend where session is the object that results from doing a session verification. Is that how you are doing it?
d
You are right, calling req.session.revokeSession that results from session verification should do the trick - I missed that. Thanks again for helping out.
r
Awesome.