How are you guys refreshing the user's access_token for infinite sessions? (Supabase auth)
I 'm not using the Supabase SDK on the frontend , so it seems like I need to call supabase .auth .refreshSession ( ) from an edge function ? Is this how you guys are doing it ? I .e . every time the user goes to the dashboard , call this endpoint to refresh their auth ? Or could store the expiry date in local storage to avoid calling the endpoint as often . ✅1✅1✅1✅1✅1✅1✅1✅1✅1✅1✅1✅1✅1✅1✅1✅1✅1✅1✅1✅1thats a good question I 'm looking for a good solution too you could look up on page load , wheter the token is like 30 minutes or less away from expiration (assuming a user will be no longer than 30 minutes on one page , so that it is always "right on time " ) and if true , given that on page load , fire the refresh 👍1I 'm storing the refresh _token as an http cookie , but I 'm having trouble passing it to my edge function . Is there anything special I need to do in my API request to pass the cookie ? In the network tab under "Request Headers " I can see the refresh _token is there along with the access _token , but the cookie shows up as null in my edge function log : console .log ( 'Raw Cookie Header R e c e i v e d : ' , req .headers .get ( 'cookie ' ) ) ; Are you trying to pass both ? If so they might need their own headers or to pass it in the body if that ’s where the edge function is expecting it Hi @Ben H , how were you able to store both the refresh _token and access _token as httponly cookie in the first place ? I gather that using the NC proxy is necessary for using http -cookies , and that a Set -Cookie header from server side will not work without it . But it seems i am only able to set session cookies once , and only as access _token ? Not using Supabase though , so might be different there 🙂 you aren 't able to set the refresh token using the NC set session cookies action (it can only set the access token ) . in my case , when a user logs in , supabase gives you the access token and refresh token in the response . i save the access token using the built in NC action . both are set as http only cookies @Henk_BLUE actually now that i 'm looking at it it looks like i initially send the refresh token in the request body to the edge function that sets the initial refresh token . however i have a different edge function that i call to refresh the session using the stored refresh token , and that takes the refresh token in the auth header . been awhile since i looked at these lol aaaaah that makes more sense . And you set the refresh token trough the edge function via a Set -Cookie header , I presume ? That is where my Xano setup interferes , for that matter . Xano already has a default Set -Cookie header , if i add a refresh token as a second Set -Cookie header , NC doesn 't read and save it . And if I merge the refresh token with the default Xano cookie , NC only takes the first cookie , which happens to be the Xano one . . Thanks for explaining ! yep the edge function uses a set -cookie header : / / Set the refresh token cookie and return success return new Response (JSON .stringify ( { success : true , message : 'Refresh token cookie set ' } ) , { headers : { . . .corsHeaders , 'Content -Type ' : 'application /json ' , 'Set -Cookie ' : cookieStr } , } ) ; unfortunately i can 't comment on the xano issue as i 'm not very familiar with it 🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1🙌1I 'm also trying to do what you did : an edge function to add cookies directly . The function always returns a 200 code , but no cookies are added . . . I tried with credentials : "include " , SameSite =None , but nothing works . Didn 't you have trouble getting there ? I 'd appreciate any help ! Thanks
.jpeg/public)