Albert Starreveld
1 min readMay 23, 2024


Hi Justin,

I'm afraid I don't understand your question.

- What do you mean by front-end? The SPA?

- Isn't the concept of a SPA not to have full page refreshes?

I'll elaborate a little on how it works:

- The SPA (cdn), index.html, and the API = the BFF

- This means everything is on the same domain e.g. there's,,{*}

- The SPA does not "grab" an access token from the cookie, the cookie is for the site to maintain the http session only

- The SPA posts to relative urls e.g. /api/foo/bar?yada=ya, consequently, these requests will include the session cookies. This is how ASP.NET knows to which session the http request belongs


- The cookie is an ASP.NET Core Http Session cookie, we only use standard ASP.NET Core Http Sessions, nothing funky...

- Refreshing, or switching pages does not impact the validity of the cookie.

Hope this answers your question? If not, can you please provide some more context?




Albert Starreveld

Passionate about cloud native software development. Only by sharing knowledge and code we can take software development to the next level!