Supabase session being reset on every page load #995
Comments
|
I notice this issue too, and I cannot make sense of their logic. This basically means every time you refresh the page without a session in the URL, you will be logged out. |
|
SOLVED. I think I have found a bigger issue. The following code has an early exit that needs to fire in order to avoid losing the session. Lines 315 to 329 in b045965 But Lines 1443 to 1445 in b045965 Note the lack of a second argument to the error constructor, which is where the This commit just happened 11 hours ago: 089c687 which features the new Error call without I can confirm that this is resolved by dropping the SDK version to 2.47.5, which is the one before the last commit. |
|
After hours of debugging, this is why our app keeps logging users out after a few page refreshes! Insane that this made it through as a patch without us changing any supabase versions across our app. I was able to fix our app by adding the following overrides and reverting back. |
|
I'm using the @nuxtjs/supabase package in my Nuxt app, and I’ve noticed that with detectSessionInUrl set to true, the auth code keeps checking for a session in the URL. Since my app doesn’t rely on magic links often, there’s no session info in the URL, and it ends up resetting the session on every load. This just started happening recently—I haven’t changed my Supabase or Nuxt package versions. When I trace through the code, it always reaches this point in the auth library and invalidates the session because it can't find the session in the URL. Can someone clarify how detectSessionInUrl is supposed to behave with the Nuxt package, or if I might have misconfigured something? Thanks! |
|
We have a big Nuxt 3 + Supabase web app. In our local development environment, the issue was less consistent but still occurred randomly, often after some navigation. We traced the issue to the latest version of @supabase/auth-js. Reverting to a previous version resolved the problem. Specifically: The issue does not occur when using @supabase/auth-js version 2.66.1. Relevant packages in our package.json: The solution from harris is a good temporary fix. You can add overrides to our package.json to force @supabase/auth-js to use version 2.66.1:
|
|
Reverting the change ASAP. Sorry everyone! |
|
Thanks, can someone please help to bump the auth-js package to 2.67.1 in supabase-js? https://github.com/supabase/supabase-js/blob/master/package.json#L43 |
|
Yep having this now. Been going crazy for 2 days. Couldn't find any solutions. |
|
I had this issue as well, upon debugging, then downgrading After investigation I've got an trace that in Safari for below custom storage values aren't kept they are just disappear. By commenting out the lines below and directly assigning this.storage = window.localStorage, the issue was resolved. Lines 236 to 250 in 9751b80 I've passed In comparison Chrome console and Safari In Safari code verifier it's empty, this value should be taken from custom storage because storage is empty or just isn't exist that request return error in Safari. Initialisation login flow should kept tokens and necessary values but they just disappearing |
auth-js/src/GoTrueClient.ts
Line 310 in b045965
I notice that because
detectSessionInUrlis alwaystrue, the auth code is looking for the session in the URL and when it isn't there (every load other than magic link, in my application), it is treating it as an error and resetting.This wasn't happening the other day, and I don't think I have changed my Supabase version, so it must be a problem with my implementation somehow.. and yet, when I walk through the trace, it clearly gets to this point in the auth library every load, and of course, there is no session info still in the URL, and it kills the session. Can someone better help me understand how
detectSessionInUrlis supposed to work?Thanks!
The text was updated successfully, but these errors were encountered: