clerk · bratsos · Sep 1, 2025
diff --git a/packages/backend/src/tokens/handshake.ts b/packages/backend/src/tokens/handshake.ts
@@ -151,6 +151,10 @@ export class HandshakeService {
     url.searchParams.append(constants.QueryParameters.HandshakeReason, reason);
     url.searchParams.append(constants.QueryParameters.HandshakeFormat, 'nonce');
 
+    if (this.authenticateContext.sessionToken) {
+      url.searchParams.append(constants.Cookies.Session, this.authenticateContext.sessionToken);
+    }
+
     if (this.authenticateContext.instanceType === 'development' && this.authenticateContext.devBrowserToken) {
       url.searchParams.append(constants.QueryParameters.DevBrowser, this.authenticateContext.devBrowserToken);
     }

diff --git a/packages/clerk-js/src/core/resources/Session.ts b/packages/clerk-js/src/core/resources/Session.ts
@@ -34,7 +34,7 @@ import {
 import { clerkInvalidStrategy, clerkMissingWebAuthnPublicKeyOptions } from '../errors';
 import { eventBus, events } from '../events';
 import { SessionTokenCache } from '../tokenCache';
-import { BaseResource, PublicUserData, Token, User } from './internal';
+import { BaseResource, ClerkAPIResponseError, PublicUserData, Token, User } from './internal';
 import { SessionVerification } from './SessionVerification';
 
 export class Session extends BaseResource implements SessionResource {
@@ -369,7 +369,18 @@ export class Session extends BaseResource implements SessionResource {
     // TODO: update template endpoint to accept organizationId
     const params: Record<string, string | null> = template ? {} : { organizationId };
 
-    const tokenResolver = Token.create(path, params);
+    const tokenResolver = Token.create(path, params).catch(e => {
+      if (
+        e instanceof ClerkAPIResponseError &&
+        e.status === 422 &&
+        e.errors.length > 0 &&
+        e.errors[0].code === 'missing_expired_token' &&
+        this.lastActiveToken
+      ) {
+        return Token.create(path, { ...params, expired_token: this.lastActiveToken.getRawString() });
+      }
+      throw e;
+    });
     SessionTokenCache.set({ tokenId, tokenResolver });
 
     return tokenResolver.then(token => {