https://supertokens.com/ logo
Channels
bot-training
community
contributing
general
github-activity
info
introductions
new-releases
random
security
support-questions
welcome-0xdelusion
welcome-aj-ya
welcome-aleksandrc
welcome-alpinjs
welcome-amberlamps1
welcome-andrew-rodriguez
welcome-ankit-choudhary
welcome-anthony-stod-custodio
welcome-call-in
welcome-chwalbox
welcome-claybiokiller
welcome-co7e
welcome-cosmoecwsa
welcome-devdag
welcome-dinso
welcome-drebotelho
welcome-elio
welcome-ernest
welcome-foxbarrington
welcome-fromscratch
welcome-galto4ir
welcome-goetzum
welcome-hay-kot
welcome-himanshu-kukreja
welcome-hossambarakat
welcome-ichikawakazuto
welcome-jahir9991
welcome-jamesl
welcome-jerry123424
welcome-john-oliver
welcome-jonas-alexanderson
welcome-jxyz
welcome-kelvinwop
welcome-kraz
welcome-lancekey
welcome-leoo
welcome-lukeacollins
welcome-m-j-mon
welcome-malik-khoja
welcome-marco
welcome-mardadi
welcome-meshguy
welcome-metamorph
welcome-mike-tectu
welcome-mirzok
welcome-mozomig
welcome-naberyou66_
welcome-nacer
welcome-namratha
welcome-naveenkumar
welcome-nightlight
welcome-nischith
welcome-notankit
welcome-olawumi
welcome-pavan-kumar-reddy-n
welcome-pineappaul
welcome-poothebear
welcome-rick
welcome-samuel-qosenergy
welcome-samuelstroschein
welcome-shubhamgoel23
welcome-shubhamkaushal
welcome-sidebar
welcome-surajsli
welcome-suyash_
welcome-syntaxerror
welcome-tauno
welcome-tawnoz
welcome-teclali
welcome-tls
welcome-turbosepp
welcome-vikram_shadow
Powered by
Title
a

anupamdagar

02/22/2023, 8:50 AM
Hi, I get the following response when I try calling the session refresh api. 
json
{
  "message": "unauthorized"
}
This is the curl request. Cookie isn't present in the curl but is attached in the real request. 
bash
curl --location --request POST 'http://localhost/auth/session/refresh' \
--header 'rid: session' \
--header 'fdi-version: 1.8,1.9,1.10,1.11,1.12,1.13,1.14'
r

rp

02/22/2023, 8:59 AM
Hey. You need to also send the refresh token along with the request.
a

anupamdagar

02/22/2023, 9:00 AM
sRefreshToken
right?
r

rp

02/22/2023, 9:00 AM
Yes.
a

anupamdagar

02/22/2023, 9:02 AM
why is the cookie path 
Path=/auth/session/refresh
for `sRefreshToken`and not 
/
for others?
is there a way to modify it?
r

rp

02/22/2023, 9:02 AM
Cause the refresh token should be sent only for the refresh api. Better security.
No way to modify that. Nor should you need to.
a

anupamdagar

02/22/2023, 9:03 AM
okay. I had to modify it in postman since postman was not attaching it for the endpoint and hence the unauthorized message.
Thanks for the help. I am now able to refresh it.
#support-questionsJoin Discord
Powered by