some-scooter-3723
02/22/2022, 6:33 AM
{
"code": 400,
"status": "Bad Request",
"reason": "A valid session was detected and thus recovery is not possible.",
"message": "The request was malformed or contained invalid parameters"
}
I checked that there are 3 endpoints that will check the session:
.ory/kratos/public/self-service/login
.ory/kratos/public/self-service/recovery
.ory/kratos/public/self-service/registration
For the login endpoint, I can bypass this check via the "refresh=true" param, but there is no param to bypass this for the 2 remaining endpoints.
My question here is: Do we really need to have this check?
I think the requirement to have that check is from the business team, something like: some companies will allow end users to reset pass + register a new one while they're logged in (Gmail is an example, we don't need to log out and we can register new accounts)
--> should we have a config to turn this check on/off for the recovery + registration flows (or have the same param refresh=true for these 2 flows)?
high-optician-2097
some-scooter-3723
02/22/2022, 6:41 AM