User gets logged out after setting up stripe payment

leerob / next-saas-starter

Get started quickly with Next.js, Postgres, Stripe, and shadcn/ui.

https://next-saas-start.vercel.app

MIT License

4.45k stars 465 forks source link

User gets logged out after setting up stripe payment #8

Open jan10 opened 1 week ago

jan10 commented 1 week ago

When a user completes the setup for Stripe payment, they are unexpectedly logged out of their account.

Steps to Reproduce:

Log in to the application.
Navigate to the payment settings section.
Select the option to set up Stripe payment.
Complete the Stripe payment setup process.
Observe that the user is logged out immediately after the setup is completed.

Screenshare

https://jam.dev/c/132a5f62-4b41-43c6-a328-4b6252ccd212

MhemedAbderrahmen commented 1 week ago

User is being redirected to the /signin page but he is not logged out, this can be fixed by either:

[ ] redirecting to the home page
[ ] when user is on /signin , if he is already authorized redirects to /dashboard ( i feel like this is the best option since /signin should only be accessible when you are logged out )

PS: I can create a PR on this later on today

leerob commented 1 week ago

Huh, seems I introduced a regression here: https://github.com/leerob/next-saas-starter/pull/2/files. But I'm not really sure what it is.

It seems like after setting the cookie in the Route Handler for Stripe Checkout, it's empty when being read in the Middleware now when you redirect to /dashboard. If you look at dev tools, the cookie is successfully saved. If you reload the page, you see it.

This doesn't seem to be working either:

const sessionCookie = await setSession(user[0]);
const response = NextResponse.redirect(new URL('/dashboard', request.url));
response.headers.set('Set-Cookie', sessionCookie);
return response;

I'll have to dig more.

mono300genuine commented 1 week ago

User is being redirected to the /signin page but he is not logged out, this can be fixed by either:

[ ] redirecting to the home page

[ ] when user is on /signin , if he is already authorized redirects to /dashboard ( i feel like this is the best option since /signin should only be accessible when you are logged out )

PS: I can create a PR on this later on today

I had same issue but your article helped me.

Taimoor2500 commented 1 week ago

const sessionCookie = await setSession(user[0]); const response = NextResponse.next(); response.headers.set('Set-Cookie', sessionCookie); return response;

could you try this as some browsers might ignore Set-Cookie headers when they're part of a redirection response, you can handle redirect afterward

mono300genuine commented 1 week ago

const sessionCookie = await setSession(user[0]); const response = NextResponse.next(); response.headers.set('Set-Cookie', sessionCookie); return response;

could you try this as some browsers might ignore Set-Cookie headers when they're part of a redirection response, you can handle redirect afterward

yes