Session Not Found
session_not_found401
The session token doesn't match any active session. Sign in again.
What this means
The dashboard session token in the request doesn't match any active session record. Either the session was never valid, was already cleaned up after expiration, or the token was corrupted somewhere between issuance and use. This is a dashboard/management-flow auth path, not an API-key auth path — session_not_found fires on the website, not on calls to /v1/astro/* or similar.
When you'll see this
- A long-idle browser tab tried to call a dashboard endpoint after the session was cleaned up.
- A session cookie was lost (cleared cookies, private/incognito session ended) and a stale token is being submitted.
- A token from a different environment (staging vs production) was sent.
- A user's session was forcibly invalidated by admin action and they're still trying to use it.
Learn more about how this works
Asterwise distinguishes between API keys (long-lived credentials for programmatic access) and sessions (short-lived browser sessions for dashboard use). Sessions live in a separate store with their own TTL and revocation rules. When you submit a session token we don't recognize, it returns session_not_found — same shape as api_key_not_found, different layer.
In practice: this error is almost always a dashboard-side issue, not a programmatic-API issue. If you're seeing it from server code that's calling /v1/astro/* endpoints, you're using the wrong credential type — API keys go there, not session tokens.
Example response
{
"success": false,
"error": "session_not_found",
"message": "Session not found. Please sign in again.",
"details": [],
"retry_after": null,
"doc_url": "https://docs.asterwise.com/reference/errors/session_not_found",
"request_id": "req_01HXYZABCDEFGH",
"timestamp": "2026-05-25T12:34:56Z"
}
- Sign in fresh at asterwise.com/signin to get a current session.
- If you're using a tool that automates dashboard actions (rare), regenerate the session token in that tool.
- If you're a developer calling the public API and seeing this error, switch to API key auth — sessions are for the dashboard only.
If your code legitimately uses session tokens (rare — usually only for dashboard automation), treat this as a redirect-to-signin signal.
Python:
Production handler
- Python
- TypeScript
import httpx
def call_dashboard_endpoint(url, session_token):
response = httpx.get(
url,
headers={"Authorization": f"Bearer {session_token}"},
timeout=15,
)
if response.status_code == 401:
body = response.json()
if body.get("error") == "session_not_found":
return {"ok": False, "redirect_to": "/signin"}
response.raise_for_status()
return {"ok": True, "data": response.json()}
async function callDashboardEndpoint(url: string, sessionToken: string) {
const response = await fetch(url, {
headers: { Authorization: `Bearer ${sessionToken}` },
});
if (response.status === 401) {
const body = await response.json();
if (body.error === "session_not_found") {
return { ok: false, redirectTo: "/signin" };
}
}
if (!response.ok) throw new Error(`HTTP ${response.status}`);
return { ok: true, data: await response.json() };
}
Avoid this error by
- For dashboard automation, refresh the session token before long-idle gaps.
- Never use session tokens for programmatic API calls. They're scoped to dashboard endpoints and have shorter lifetimes than API keys.
- Don't share session tokens between users or environments. Each session belongs to a specific user and browser.
- If you're building tooling on top of the dashboard, prefer API keys where possible — sessions are convenient for humans, not for code.