Albert Starreveld
1 min readMay 23, 2024

--

Hi Justin,

I'm afraid I don't understand your question.

- What do you mean by front-end? The SPA?

- Isn't the concept of a SPA not to have full page refreshes?

I'll elaborate a little on how it works:

- The SPA (cdn), index.html, and the API = the BFF

- This means everything is on the same domain e.g. there's www.yoursite.com/index.html, www.yoursite.com/dist/minified-spa.js, www.yoursite.com/api/{*}

- The SPA does not "grab" an access token from the cookie, the cookie is for the site to maintain the http session only

- The SPA posts to relative urls e.g. /api/foo/bar?yada=ya, consequently, these requests will include the session cookies. This is how ASP.NET knows to which session the http request belongs

Consequently,

- The cookie is an ASP.NET Core Http Session cookie, we only use standard ASP.NET Core Http Sessions, nothing funky...

- Refreshing, or switching pages does not impact the validity of the cookie.

Hope this answers your question? If not, can you please provide some more context?

Best,

--

--

Albert Starreveld

Passionate about cloud native software development. Only by sharing knowledge and code we can take software development to the next level!