nextauthjs / next-auth

Authentication for the Web.
https://authjs.dev
ISC License

Issue with Custom SignIn Persistence: Failure to Detect Session Upon Returning After Inactivity. #10687

Open Sarangm3 opened 4 months ago

Sarangm3 commented 4 months ago

Provider type

Credentials, Google

Environment

Paste here

Reproduction URL

https://github.com/Sarangm3/Nextjs-propertyrental

Describe the issue

I'm facing a challenge with user login on my website, especially when users are inactive for a prolonged period.

Here's the scenario:

Users log in using either a custom sign-in with Google or with a traditional email and password. Everything works smoothly when users log in and remain active for a short period. However, problems arise when they leave the website idle for an extended period of time. Here's what happens after some time of inactivity:

When users return to the website after a while, the session doesn't get fetched automatically. Initially, I suspected that the session might have expired. So, I attempted to log in again. Surprisingly, clicking on the login button didn't trigger any action. Upon clicking the login button again, instead of redirecting me to the sign-in page, the website recognized that a session was present. This behavior is puzzling because if the session was still active, it should have been fetched during the initial attempt to log in. You can verify this behavior on my website: https://propertyrento.vercel.app/. Please log in using the Google option, as the email/password login functionality is currently disabled (mail issue).

It's worth noting that this issue occurs specifically when users log in after a considerable period of inactivity. If a user logs in shortly after their previous session, everything works as expected.

I'm seeking advice on how to address this issue to ensure seamless session management on my website. Any insights or suggestions would be greatly appreciated. Thank you!

How to reproduce

To reproduce the issue:

1. Initial login: Visit the website https://propertyrento.vercel.app/. Log in using Google, because the traditional email and password login is not working (email issue). Ensure the login process is successful and you are redirected to the home page.
2. Inactivity period: After successfully logging in, leave the website inactive for an extended period. This period should be long enough to potentially trigger the issue.
3. Return to website: After the inactive period, return to the website by visiting https://propertyrento.vercel.app/.
4. Attempt to interact: Upon returning to the website, observe the behavior of the session management system. Check if the session is automatically fetched and if you're still logged in without any additional action required.
5. Click login button: If the session is not automatically fetched, or if you're unsure about the session status, click on the login button.
6. Observation: Observe whether clicking the login button triggers a redirect to the sign-in page as expected. Note any inconsistencies or unexpected behavior, such as the failure to redirect despite the presence of an existing session.

By following these steps, you should be able to reproduce the issue and observe the unexpected behavior in session management on the website.

Expected behavior

Expected Behavior:

- The useSession function should consistently fetch the existing session whenever the user accesses the website, regardless of the duration of inactivity.
- When the user clicks on the login button, they should be redirected to the sign-in page, prompting them to log in again.

Comment: The issue lies in the inconsistency of the useSession function. It fails to detect the existing session on the first attempt, leading to unexpected behavior. Despite the presence of a session, the login button does not redirect the user to the sign-in page as expected. This inconsistency disrupts the user experience and needs to be addressed for seamless session management.
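
The following is an added example (editor's illustration, not code from the nextauthjs/next-auth project, from this issue, or from the reporter's reproduction repo). It models the three values of `status` that next-auth v4's `useSession()` returns (`"loading"`, `"authenticated"`, `"unauthenticated"`) and contrasts a login-button handler that only checks whether a session object is present with one that branches on `status`. The first pattern produces exactly the symptom described above: on a cold return to the site, the first render has no session object yet (the client is still fetching `/api/auth/session`), so a click starts sign-in, while a later click sees the session that has since arrived. The handler and simulation function names are hypothetical; the status strings are next-auth's own.

```javascript
// Added example, not code from next-auth or from the issue's reproduction repo.
// Models next-auth v4's useSession() status values and shows why a login button
// that only tests `session` for truthiness misbehaves during the initial fetch.

// Naive handler: treats "no session object yet" as "signed out".
// During the first render after an idle return, `session` is undefined, so
// this calls signIn() even though a valid session cookie may exist.
function naiveLoginClick(session, signIn) {
  if (!session) {
    signIn();
    return "sign-in-triggered";
  }
  return "already-signed-in";
}

// Status-aware handler: only an explicit "unauthenticated" status starts sign-in.
// "loading" is neither signed in nor signed out, so the click is deferred
// (in a real component: disable the button or show a spinner).
function loginClick(status, signIn) {
  switch (status) {
    case "loading":
      return "wait";
    case "authenticated":
      return "already-signed-in";
    case "unauthenticated":
      signIn();
      return "sign-in-triggered";
    default:
      throw new Error(`unknown useSession status: ${status}`);
  }
}

// Simulates the two renders a client component sees when a user comes back
// after idling: one before /api/auth/session has answered, one after.
// `sessionFromServer` is constructed sample data, not a real session.
function simulateReturn(handler, sessionFromServer) {
  const calls = [];
  const signIn = () => calls.push("signIn");
  const renders = [
    { status: "loading", data: undefined },
    sessionFromServer
      ? { status: "authenticated", data: sessionFromServer }
      : { status: "unauthenticated", data: null },
  ];
  const outcomes = renders.map((r) => handler(r, signIn));
  return { outcomes, signInCalls: calls.length };
}

// Constructed sample session in the shape next-auth returns to the client.
const validSession = {
  user: { email: "user@example.com" },
  expires: "2099-01-01T00:00:00.000Z",
};

function runNaive(session = validSession) {
  return simulateReturn((r, signIn) => naiveLoginClick(r.data, signIn), session);
}

function runStatusAware(session = validSession) {
  return simulateReturn((r, signIn) => loginClick(r.status, signIn), session);
}

console.log("naive:", runNaive());
console.log("status-aware:", runStatusAware());
console.log("status-aware, signed out:", runStatusAware(null));
```

With a valid session, the naive handler fires `signIn()` once on the first click and reports "already-signed-in" on the second; the status-aware handler never fires it. A related thing to check in the reporter's app is the `SessionProvider` configuration: in next-auth v4 its `refetchOnWindowFocus` prop (default `true`) and `refetchInterval` prop control when the client re-fetches `/api/auth/session`, so a client-side session that is not refreshed after an idle period is worth ruling out before suspecting the cookie itself.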

nic-vo commented 1 month ago

I haven't actually looked at the reproduction site, but is the issue that when a user logs in via the Google provider, subsequent logins just refresh the session automatically, without Google's "Allow this app to access your info" page showing again?