02/18/2023, 8:24 PM
Supertokens is setting the access token cookie like so: is this normal? what is the % doing in the base64 string?
This causes getSession to fail:


02/18/2023, 8:51 PM
yes it is normal. i checked it against mine and that is what I get too.
rp is probably going to say can i see the request headers of the API call which throws that error?


02/18/2023, 8:58 PM
I found the issue. Supertokens is checking
and if defined, it just gets the cookie from there, assuming that the cookie header was correctly parsed already. I had this code in my express app:
req.cookies = req.cookies || {};
    req.headers.cookie?.split(";").forEach((cookie) => {
      const [key, value] = cookie.split("=");
      req.cookies[key.trim()] = value;
This code doesn't url-decode the strings, so that was the issue. After removing this code, Supertokens looks at the request.headers and parses the cookie correctly itself.