https://supertokens.com/ logo
Join Discord
Powered by
Nothing is happening when I revoke in the frontend...
# support-questions-legacy
k
Nothing is happening when I revoke in the frontend ?
r
Hey @kevin__8332
Can I see the sign out api call request headers and response?
k
See the thing is the session still exists , even after I log out? Should that happen?
sessionContext.doesSessionExist this returns true even when I sign out
r
What r the request headers for the sign out api?
Right. So the brower isn’t adding the cookies to the request
When you sign in, what’s the response headers?
k
let me see
r
Can you hover on the orange triangle on the set-cookie header? What does it say?
k
yes sure just a sec
Same Site = Lax , something like that issue
It says it was blocked because the attribute SameSite = Lax was blocking it
r
What’s the website url?
And what’s the value of apiDomain and websiteDomain that you have set?
k
127.0.0.5173
localhost:8000
r
Right. Have you correctly set the websiteDomain value on the backend?
k
I think yes.
r
Hmm. This should result in cookie sameSite as none
Can you restart your backend and login again? Do you set the orange warning trainable again?
Triangle *
k
ok sure
Sorry for keeping you on wait , Same issue
I can add my code to any github repo and send them to you , how does that sound?
r
In session.init, set the cookieSameSite setting to “none”
On the backend
k
oh let me do that
is it like this?
r
Yes. On the backend code
Try logging in now
k
This is the sign in headers
This is the signout
But still the session is logged In
r
Are you showing me the options request or post?
k
I did not understand the question , I am sorry
r
The screenshot you sent me above. What method is it?
k
post
using SDK
r
So no cookies are being sent at all now?
k
nope
r
That’s weird.
k
I am just following the guide of react
r
Can you remove the cookieSameSite setting and try again?
k
But I am unable to sign out? OR when I call the sign out function
The doesSessionExist function always returns true
How do I confirm whether the person has logged out.
r
Can u remove the setting and try again?
Do the cookies get sent?
And if you add the setting back, do the cookies not get sent?
k
I did it , the cookie always come whether i add the setting or not
r
In the response headers?
Sign in api response header I mean
k
Let me see
r
The cookieSameSite none setting should make things work
I’m not sure why the previous screenshots u sent didn’t have set-cookies in the response
Unless you are showing me the OPTIONS request. Then it won’t have set-cookie. But POST should have
k
oh okay , this is when I do not have the setting
this is when i put the sameSite as none
it still throws the error in setCookie
r
Right. So with sameSite none, if y hover on the triangle, what does it say?
Oh right. It won’t allow u cause u r using http not https
k
it says that , it was blocked because it did not have "secure" attribute
r
Ok. So switch to using header based auth instead of cookie
Search in our docs for token transfer method
And switch to using header based. Things should work the
Then*
k
Oh Okay, Thank you so much.
This was one hell of a customer experience
I have never seen founders so involved with the issues of the user
PreviousNext
Powered by