I guess this is just a standard CORS error, and the issue is due to the fact that the web app is on a different URL (localhost:8080 vs localhost:9000). I have allowed credentials and had to add explicit hosts to the config, and it started working after that.
Previously I had overridden the onSessionSave function to not persist (blank method); however, I am assuming this must be reinstated, as the conversion from session to token requires a persistent session.
I am noticing that when I run each Google auth chain I am getting different ss-id and ss-pid values, which is good, but the ss-tok (after calling session-to-token) appears to be the same. I would have expected it to change accordingly?
Sometimes the Google auth chain fails and returns me back to the page I started from.
Session-to-token appears to give me an empty array.
The session Ids are random identifiers that reference a Server Session, whereas JWTs are an encoded form of a partial session. It’s going to be similar for most users since most of their session info remains the same, but the issue date (iat) and the expiry date (exp) of the JWT will be different, which will cause the signature to be different as well. You can view the contents of the JWT by pasting it in https://jwt.io
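The comparison described in the reply above, as an added example that is not part of the original thread and is not ServiceStack's code: it signs two constructed tokens for the same session an hour apart, then decodes them locally to show which claims differ and that the signature changes. The HS256 algorithm, the key, the claim names and values, and all helper names are assumptions made for the illustration.

```python
import base64, hashlib, hmac, json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_jwt(claims: dict, key: bytes) -> str:
    """Sign claims as an HS256 JWT (assumed algorithm, stand-in for the server)."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def decode_claims(token: str) -> dict:
    """Decode the payload segment only; no signature check, inspection use."""
    payload = token.split(".")[1]
    padded = payload + "=" * (-len(payload) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def changed_claims(token_a: str, token_b: str) -> list:
    """Names of claims whose values differ between the two tokens."""
    a, b = decode_claims(token_a), decode_claims(token_b)
    return sorted(k for k in a.keys() | b.keys() if a.get(k) != b.get(k))

def common_prefix_len(token_a: str, token_b: str) -> int:
    """How many leading characters the two encoded tokens share."""
    n = 0
    for x, y in zip(token_a, token_b):
        if x != y:
            break
        n += 1
    return n

def signature(token: str) -> str:
    return token.rsplit(".", 1)[1]

# Constructed sample data: one user, two sign-ins an hour apart.
KEY = b"constructed-demo-key"
SESSION = {"sub": "1", "name": "Test User", "email": "user@example.org"}
TOKEN_1 = make_jwt({**SESSION, "iat": 1700000000, "exp": 1701209600}, KEY)
TOKEN_2 = make_jwt({**SESSION, "iat": 1700003600, "exp": 1701213200}, KEY)

if __name__ == "__main__":
    print("claims that differ:", changed_claims(TOKEN_1, TOKEN_2))
    print("shared prefix chars:", common_prefix_len(TOKEN_1, TOKEN_2))
    print("signatures equal:", signature(TOKEN_1) == signature(TOKEN_2))
```

The long shared prefix is why two such tokens look identical at a glance in a cookie viewer; comparing the decoded claims and the final segment shows the difference.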