Check session status: documentation and code are not consistent in this repo. #1612
Description
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
in the documentation, we need xSessionToken and cookie: https://www.ory.sh/docs/identities/sign-in/check-session-token-cookie-api :
const authHeader = req.headers.authorization
const hasAuthHeader = authHeader.startsWith("Bearer ")
const sessionToken = hasAuthHeader
? authHeader.slice(7, authHeader.length)
: null
const session = await ory
.toSession({
cookie: req.cookies.join("; "),
xSessionToken: sessionToken,
})
.catch((err) => {
// Check the error to see if it's a 401 / 403 -> not logged in
})But in the code, we just need cookies:
https://github.com/ory/kratos-selfservice-ui-node/blob/master/src/pkg/middleware.ts#L72
frontend
.toSession({ cookie: req.header("cookie") })
.then(addSessionToRequest(req))I can't find any explanation about what xSessionToken is used for.
Reproducing the bug
Relevant log output
No response
Relevant configuration
No response
Version
@ory/client": "^1.4.2",
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Docker
Additional Context
No response