https://supertokens.com/ logo
Title
a

anupamdagar

02/22/2023, 8:50 AM
Hi, I get the following response when I try calling the session refresh api.
json
{
  "message": "unauthorized"
}
This is the curl request. Cookie isn't present in the curl but is attached in the real request.
bash
curl --location --request POST 'http://localhost/auth/session/refresh' \
--header 'rid: session' \
--header 'fdi-version: 1.8,1.9,1.10,1.11,1.12,1.13,1.14'
r

rp

02/22/2023, 8:59 AM
Hey. You need to also send the refresh token along with the request.
a

anupamdagar

02/22/2023, 9:00 AM
sRefreshToken
right?
r

rp

02/22/2023, 9:00 AM
Yes.
a

anupamdagar

02/22/2023, 9:02 AM
why is the cookie path
Path=/auth/session/refresh
for `sRefreshToken`and not
/
for others?
is there a way to modify it?
r

rp

02/22/2023, 9:02 AM
Cause the refresh token should be sent only for the refresh api. Better security.
No way to modify that. Nor should you need to.
a

anupamdagar

02/22/2023, 9:03 AM
okay. I had to modify it in postman since postman was not attaching it for the endpoint and hence the unauthorized message.
Thanks for the help. I am now able to refresh it.