Asking about discourse invalid_access

Hi,

I would like to ask about the issue of invalid access due to cookies in Discourse. In my case, I am trying to access the Discourse API using a cookie obtained from /session.json after logging in.

However, I encounter a problem where, after one or two days, Discourse returns an Invalid Access error when using the same cookie that was generated from login (Note: In my case, the cookie updates when the Discourse API returns a header with the Set-Cookie value _t= ). When I check the cookie, the expiration time is still more than a month away (e.g., expires=Tue, 30 Jul 2024 04:04:28 GMT). Additionally, I can see the token I used for login still present in the user_auth_tokens database table.

I would like to know the possible reasons why Discourse might invalidate this token. Are there any specific steps or flags in the database discourse that indicate a token has been declared invalid?

Additional info (I used latest discourse version 3.3.0.beta3-dev)

Thank you.

Why do you not follow this guide?

Hi @thoka, thanks for your reply. I am just checking the flow of how the authentication works from the website.

Regarding the API key, it is an option I can try for developing the API using the Discourse API.

For now, I would like to ask about the invalid access issue with Discourse. Is there any additional information in the database that can be checked (like flag) that indicates a token is already invalid?