SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

Hi,
I get the following response when I try calling the session refresh api.
```json
{
  "message": "unauthorized"
}
```

This is the curl request. Cookie isn't present in the curl but is attached in the real request.
```bash
curl --location --request POST 'http://localhost/auth/session/refresh' \
--header 'rid: session' \
--header 'fdi-version: 1.8,1.9,1.10,1.11,1.12,1.13,1.14'
```

Hey. You need to also send the refresh token along with the request.

why is the cookie path `Path=/auth/session/refresh` for `sRefreshToken`and not `/` for others?

Cause the refresh token should be sent only for the refresh api. Better security.

No way to modify that. Nor should you need to.

okay. I had to modify it in postman since postman was not attaching it for the endpoint and hence the unauthorized message.

Thanks for the help. I am now able to refresh it.