Documentation of Session extension incomplete
Opened this issue · 0 comments
quintilation commented
Preflight checklist
- I could not find a solution in the existing issues, docs, nor discussions.
- I agree to follow this project's Code of Conduct.
- I have read and am following this repository's Contribution Guidelines.
- I have joined the Ory Community Slack.
- I am signed up to the Ory Security Patch Newsletter.
Ory Network Project
No response
Describe the bug
If you extend a kratos session using the admin API,
the next call to the public toSession()/Whoami REST API will then return a new cookie.
This new cookie must be returned to the UI and used for future UI requests;
I believe the cookie contains an expiry data as part of its encrypted payload.
This is not explained in the kratos documentation and if this is not done,
UI requests start to fail when the original session expires even though the
session in the database has been updated.
Reproducing the bug
Not really relevant
Relevant log output
not relevant
Relevant configuration
not relevant
Version
kratos 1.1.0
On which operating system are you observing this issue?
Linux
In which environment are you deploying?
Docker Compose
Additional Context
No response