getServerSession SSR results in invalid refresh token
Bug report
Describe the bug
When enabling SSR in SvelteKit and utilising the getServerSession(event) function to pull the session from the request cookies - there seems to be a race condition in which the server will refresh the token, and not pass the updated session to the client. This causes the client to attempt to refresh the session and receive an invalid refresh token response, which then wipes the client-side cookies and any authentication state.
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
- Enable SSR in SvelteKit with getServerSession
Expected behavior
Potentially leave any token refreshing to the client
Screenshots
If applicable, add screenshots to help explain your problem.
I’ve seen some docs here: https://github.com/supabase/supabase/blob/df506a9a07eb114ceefa3801479ebdf009bf08fb/apps/reference/docs/guides/auth/server-side-rendering.mdx
But it doesn’t seem to apply to my case - it seems like the server is automatically refreshing the tokens, causing the client side to fail
Issue Analytics
- State:
- Created a year ago
- Comments:7
Okay, this is actually pretty weird. The client does not call the SvelteKit server to refresh the tokens, therefore there must be an error on the client side. I'll take a deeper look into this.
I've found the cause: one instance of the supabaseClient on the server had autoRefreshToken enabled. Thanks for reporting the issue!
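The failure mode identified in this thread, reduced to a runnable model. This is an added example, not code from the issue or from Supabase; it assumes refresh tokens are single-use and rotated on every refresh, and all class and function names are hypothetical.

```javascript
// Added illustration: a toy auth service with single-use (rotating) refresh tokens.
// All names here are hypothetical; this is not Supabase or SvelteKit code.
class ToyAuthService {
  constructor() {
    this.valid = new Set();
    this.counter = 0;
  }
  issue() {
    const session = { access: `at-${++this.counter}`, refresh: `rt-${this.counter}` };
    this.valid.add(session.refresh);
    return session;
  }
  // Rotation: a refresh token is consumed on use and replaced by a new one.
  refresh(refreshToken) {
    if (!this.valid.delete(refreshToken)) {
      return { error: 'invalid refresh token' };
    }
    return { session: this.issue() };
  }
}

// Server-side read of the session from request cookies during SSR.
// With autoRefreshToken on, the server rotates the token but the response
// cookies still carry the old one, so the browser is left with a spent token.
function ssrRequest(auth, cookies, { autoRefreshToken }) {
  let serverSession = { ...cookies };
  if (autoRefreshToken) {
    const r = auth.refresh(cookies.refresh);
    if (r.session) serverSession = r.session; // never written back to the browser
  }
  return { serverSession, cookiesSentToBrowser: { ...cookies } };
}

// Browser-side refresh; on failure it wipes its auth state, as in the report.
function browserRefresh(auth, cookies) {
  const r = auth.refresh(cookies.refresh);
  return r.error ? { cookies: null, error: r.error } : { cookies: r.session, error: null };
}

function scenario(autoRefreshToken) {
  const auth = new ToyAuthService();
  const login = auth.issue();
  const { cookiesSentToBrowser } = ssrRequest(auth, login, { autoRefreshToken });
  return browserRefresh(auth, cookiesSentToBrowser);
}

console.log('server autoRefreshToken on :', scenario(true));
console.log('server autoRefreshToken off:', scenario(false));
```

In this model, leaving refresh to a single party (here the browser) keeps the rotated token and the stored cookie in step, which matches the reporter's expected behavior and the fix of disabling autoRefreshToken on the server instance.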