Documentation not clear on cookie-based apis

I am confused about what is described in the documentation here:

Retool also supports APIs that use cookies for authentication. In this scenario, the API authorizes a session by responding with a Set-Cookie header that contains an authorization token. The API then expects all future authenticated requests to send that same authorization token in the Cookies header.

so far, so good. The following is very specific and clear:

Though Retool proxies all HTTP requests through the backend, Retool supports forwarding the cookies set by the API to the user's browser. This includes attributes such as the expiration date. The cookies are then stored in a HTTPOnly cookie in the user's browser, which is tied to the lifecycle of the user's current session. All future requests the user makes to the API have the same cookie added to their request.

This says Retool supports forwarding the cookies set by the API to the user's browser. This is exactly what I am looking for. I have an API call to refresh a JWT token that is setting back the access token cooke.

But then: To configure this, tell Retool the name of the cookie that should be forwarded onto the user's browser. You can also specify a URL to check the user's authentication status.

I cannot reconcile this with what I see on the interface: There is a Cookies field, although its role is not explained. There is this 'Forward all cookies' option. But no field to specify a URL... as the documentation states.

And whichever option I try, I cannot get the access token back cookie to be update in the user's browser.

(this is self hosted retool 3.52.14-stable)

thanks !

Hey @jfpaccini! Thanks for reaching out.

I haven't personally tested this particular pattern, but the documentation that you're referencing describes the "Session Based Auth" option:

Note that it has been deprecated and isn't receiving support, but it may still work. :crossed_fingers: Let me know if you give it a shot!