"session_user" value is inconsistent between hosted and local versions

Bug report

I have a psql function which references the “session_user” variable to differentiate between being called by an authenticated user and a trigger. The function is “is_claims_admin()” from this guide;

I noticed my RLS policies were passing on local and failing on dev. After troubleshooting this on Discord, I noticed that my hosted production instance is returning “authenticator” for the session_user value while my local dev is returning “postgres”.

Steps to reproduce:

  1. Create a local supabase instance: supabase init (for local)
  2. Create a function which can be used to get the value of session_user with an authenticated session:
CREATE OR REPLACE FUNCTION public.sesh()
	RETURNS text
	LANGUAGE plpgsql
AS $function$
	BEGIN
		-- session_user is the role that opened the connection
		return session_user;
	END;
$function$;
  3. Create a user on the supabase instance:
curl -X POST 'http://localhost:54321/auth/v1/signup' \
-H "apikey: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24ifQ.625_WdcF3KHqz5amU0x2X5WWHP-OEs_4qj0ssLNHzTs" \
-H "Content-Type: application/json" \
-d '{
  "email": "someone@email.com",
  "password": "eORzCgpVRYTyIVmipLnY"
}'
  4. Sign in as the user and get the jwt:
curl -X POST 'http://localhost:54321/auth/v1/token?grant_type=password' \
-H "apikey: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24ifQ.625_WdcF3KHqz5amU0x2X5WWHP-OEs_4qj0ssLNHzTs" \
-H "Content-Type: application/json" \
-d '{
  "email": "someone@email.com",
  "password": "eORzCgpVRYTyIVmipLnY"
}'
  5. Issue a rest api call with the jwt and call the function:
curl -X POST 'http://localhost:54321/rest/v1/rpc/sesh' \
-H "Content-Type: application/json" \
-H "apikey: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24ifQ.625_WdcF3KHqz5amU0x2X5WWHP-OEs_4qj0ssLNHzTs" \
-H "Authorization: Bearer ${USER_JWT_HERE}"

  6. Observe that the output is “postgres”
  7. Repeat steps with a hosted instance of supabase
  8. Observe that the output is “authenticator”

Expected behavior

Supabase hosted and local versions should behave the same in order for local dev environments to be useful.

System information

  • OS: macOS 13.0.1
  • Version of supabase-cli: 1.14.3
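
The behaviour behind the report above, as an added example that is not part of the original issue or of Supabase's code: in PostgreSQL, session_user is the role that opened the connection and does not change on SET ROLE, so a guard keyed on a hard-coded login role name gives different answers when two environments connect with different roles. The role names demo_login and demo_api, the functions sesh_detail() and login_role_is(), and the use of the request.jwt.claims setting are assumptions made for the illustration.

```sql
-- Run as a superuser in a scratch database; everything is rolled back.
-- demo_login / demo_api are constructed role names standing in for the
-- API's login role and the role it switches to for each request.
BEGIN;

CREATE ROLE demo_api NOLOGIN;
CREATE ROLE demo_login LOGIN NOINHERIT;
GRANT demo_api TO demo_login;

-- Extended form of the report's sesh(): returns every identity a policy
-- could be keyed on. request.jwt.claims is assumed to be the setting the
-- REST layer fills per request; missing_ok = true yields NULL elsewhere.
CREATE FUNCTION public.sesh_detail()
  RETURNS TABLE (login_role text, effective_role text, jwt_claims text)
  LANGUAGE sql STABLE
AS $function$
  SELECT session_user::text,
         current_user::text,
         current_setting('request.jwt.claims', true);
$function$;

-- Guard keyed on a hard-coded login role name (hypothetical helper). Its
-- result depends on which role opened the connection, not on the caller.
CREATE FUNCTION public.login_role_is(expected name)
  RETURNS boolean
  LANGUAGE sql STABLE
AS $function$
  SELECT session_user = expected;
$function$;

-- Reproduce the connection pattern: log in as one role, switch to another.
SET LOCAL SESSION AUTHORIZATION demo_login;
SET LOCAL ROLE demo_api;

-- session_user keeps the login role; only current_user follows SET ROLE.
SELECT * FROM public.sesh_detail();

-- Same guard, same caller: the answer changes with the expected name, which
-- is what happens when the login role differs between two environments.
SELECT public.login_role_is('demo_login')    AS matches_this_environment,
       public.login_role_is('authenticator') AS matches_other_environment;

ROLLBACK;
```

Without the surrounding transaction, sesh_detail() can be called through the same rpc request as sesh() on each environment to compare the three values side by side.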

Issue Analytics

  • State: open
  • Created 10 months ago
  • Comments: 9 (4 by maintainers)

Top GitHub Comments

1 reaction
point-source commented, Dec 13, 2022

@barbinbrad Well you can sort of work around it by changing the $POSTGRES_USER env variable on the db container but that’s not particularly streamlined vs running the supabase cli

0 reactions
barbinbrad commented, Dec 20, 2022

> @barbinbrad Well you can sort of workaround it by changing the $POSTGRES_USER env variable on the db container but that’s not particularly streamlined vs running the supabase cli

Thank you!
