FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login

    fusionauth.sso cookie's value is encoded?

    Scheduled Pinned Locked Moved
    General Discussion
    0
    5
    2.6k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Y
      yb98
      last edited by yb98

      Hello,

      I was looking at the fusionauth.sso cookie and its value seems to be encoded, as I used the "jwt/refresh?userId" API endpoint to retrieve all currently active refresh tokens, and none of the tokens' ids matched with the value of the fusionauth.sso cookie. However, when I look at the value of the fusionauth.session cookie, it corresponds perfectly with the id of the refresh token for the FusionAuth session.

      I am wondering why one of the session cookies corresponds to the id of a refresh token (fusionauth.session), whereas the other (fusionauth.sso) does not, perhaps one is encoded and the other is not? Thanks!

      Y 1 Reply Last reply Reply Quote 1
      • Y
        yb98 @yb98
        last edited by

        @yb98 I just figured this out, the cookie value is encoded in base 64, you can simply decode it to retrieve the actual token id.

        1 Reply Last reply Reply Quote 0
        • joshuaJ
          joshua
          last edited by

          @yb98

          Glad that you were able to get this figured out!

          Thanks,
          Josh

          1 Reply Last reply Reply Quote 0
          • P
            pleymor
            last edited by

            Hi!

            I was wondering exactly the same, but unlike @yb98 decoding the content of fusionauth.sso (Base64) does not match my refresh token (like, not at all).

            Is there a trick (special encoding or something)?

            Thanks 🙂

            Y 1 Reply Last reply Reply Quote 0
            • Y
              yb98 @pleymor
              last edited by

              @pleymor yeah, it is slightly tricky, you can try decoding it here: https://www.base64decode.org/, you will get some gibberish, but the refresh token will be a substring of the decoded token. The length of the decoded token may also vary depending on your browser.

              1 Reply Last reply Reply Quote 0
              • Y yb98 referenced this topic on
              • First post
                Last post