Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow session refreshing even if the frontend thinks that the session doesn't exist #111

Open
rishabhpoddar opened this issue Mar 19, 2022 · 0 comments
Open

Allow session refreshing even if the frontend thinks that the session doesn't exist #111

rishabhpoddar opened this issue Mar 19, 2022 · 0 comments

Comments

@rishabhpoddar
Copy link
Contributor

Ths need for this comes when someone is using us only for session recipe and another auth provider for login. In this case, the other auth provider would do a callback to this user's API layer directly which would create a new supertokens session.

In this case, the httpOnly session cookies would be correctly set, but since there are no frontend interceptors (since the auth provider made this API call directly), the frontend would either:

  1. Not have sIRTFrontend
  2. Have sIRTFrontend with the value of remove.

In case of (1), when the frontend would call doesSessionExist, it would call the refresh API and it would all work fine. But in case of (2), doesSessionExist would return false. The only way to then make the frontend realise that the session actually exists is to manually clear the sIRTFrontend cookie and then call doesSessionExist.

So we should expose a function that does this - something like doesSessionExistCheckUsingBackendCall, and then document that accordingly.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rishabhpoddar