Hello, Due to some mistakes in FE, we don't handle...
# talk-kratos
Hello, Due to some mistakes in FE, we don't handle correctly cookie checking at FE, due to some actions like reset password or registration got error like this one:
Copy code
  "code": 400,
  "status": "Bad Request",
  "reason": "A valid session was detected and thus recovery is not possible.",
  "message": "The request was malformed or contained invalid parameters"
I checked that there are 3 end points will check session:
Copy code
For login endpoint, I can bypass this check via "refresh=true" param, but there is no param to bypass this for 2 remaining endpoints. My question here is: Do we really need to have this check? I think the requirement to have that checking is from business team, some kind like: some companies will allow end-user to reset pass + register the new one while they're logged in (Gmail is an example, we don't need to logout and we can register new accounts) --> should we have configure to turn on/off this check for recovery + registration flow (or, have same param refresh=true for these 2 flows)?
I believe there's an open PR for this already!
let I check
you mean this one: https://github.com/ory/kratos/pull/2195? it's for recovery flow only, and you're in charged of it 🙂. Please review and think about registration also, thanks.