getSessionToken() returns null in New POS UI Extensions

Main issue: sessionToken from the POS UI Extensions session API returns null when trying to call an app backend route from a POS extension.

Key context:

• sessionToken authenticates POS extension requests to the app backend.
• POS context distinguishes userId (account logged into POS device) vs staffMemberId (store staff record).

Findings and fixes reported:

• App installation: Installing the app on the (dev) store resolved null tokens for one developer; Shopify added a documentation note clarifying this. Screenshots show the null token and the updated doc note.
• Permissions: Ensure the POS-logged-in user (userId) has the app’s permissions in Shopify Admin → Settings → Users and permissions → Staff. Granting the app access to that user restored tokens.
• Backend/session handling (Laravel/PHP): Adjustments to Shopify library files (e.g., context.php, utils.php) to correctly save sessions, and removing unintended hashing of the Shopify access token in an Eloquent model, resolved the issue.

Status: No single root cause; multiple environment/configuration factors. Practical steps are to verify app installation, confirm correct user permissions, and audit backend session storage/token handling. Discussion appears partially resolved with workarounds; no official universal fix confirmed.