How to get the Session Token (X-Session-Token) if I have only the Session cookie?

[bymoe]

Hello!

I have a logged in Ory session with it's cookies, ory_session_...=MTcxMDk0NTIx... as a Session cookie, because I logged in via a browser, now the Backend is requiring a session token - What's that token?

How can I get the X-Session-Token for my backend if I have a cookie (logged in via browser)?

Thanks!

[alfa-alex]

I found this in the docs:

For security reasons, you can't break the isolation between cookies and session tokens.

As I understand this (correct me if I'm wrong), it's not possible (by design) to exchange a session cookie for a session token.

[jonas-jonas]

You can convert a cookie to a token: https://www.ory.sh/docs/identities/session-to-jwt-cors
Note that this issues a new token, and not a session token itself, so they work a little differently to just using session tokens.

[sw-vish]

Hi, could you please clarify in what way the converted JWTs differ from a normal Session Token? Specifically, I'm trying to use a converted JWT to call Ory APIs (eg. /self-service/settings/api) and it doesn't seem to work.