CookieSession.refresh does not rotate the refresh token. The sealed session that is returned we are expected to set in the cookie still has the original refresh token.
According to https://workos.com/docs/reference/authkit/authentication/refresh-token, the underlying call does issue a replacement refresh token, however it is seemingly not being set in the refreshed session.
CookieSession.refresh does not rotate the refresh token. The sealed session that is returned we are expected to set in the cookie still has the original refresh token.
According to https://workos.com/docs/reference/authkit/authentication/refresh-token, the underlying call does issue a replacement refresh token, however it is seemingly not being set in the refreshed session.