pixelmund / svelte-kit-cookie-session

⚒️ Encrypted "stateless" cookie sessions for SvelteKit
MIT License

Session only being read after "complete hard refresh" #22

Closed KayoticSully closed 2 years ago

KayoticSully commented 2 years ago

Hey, this is likely a case of "I'm doing it wrong" but I wanted to open an issue and see if that is the case or if this is potentially an actual issue.

Problem

I am using this library to manage my user authentication session after authenticating with an oauth2 provider. Everything does "work", but with one major caveat.

After going through the login flow, the user does not appear to be logged in. The cookie is set correctly but SvelteKit doesn't seem to notice that. The final step handles the oauth2 callback, sets the cookie and then returns a 302 redirect to send the browser back to the root page of the app. At this point it looks like the user is not logged in. If I refresh the page with cmd/ctrl + r or even cmd/ctrl + shift + r the page refreshes, but the user still remains not logged in. However, oddly, if I select the browser address bar and press enter to refresh the page, SvelteKit suddenly reads the cookie correctly and shows the user as being logged in.

This is consistent across Firefox, Chrome, and Safari. I have tried disabling cache as well but the app still has the same behavior.

Work Around

I do have a working workaround which is to return a meta redirect tag from that final step rather than doing a 302 redirect. That seems to force the browser to fully refresh properly.

Code

Here are the relevant pieces of code in a gist: https://gist.github.com/KayoticSully/433dbb9eb98f51c0a2f7dac73d53d8e4

Thoughts

This could very well be working as intended. I am new to SvelteKit and this is my first project using it. I may be making assumptions that are wrong.

Logout works perfectly fine too, it is just the login flow/redirect that seems to be problematic.

Is the use-case I am describing something that I should be able to do? If so, what could be going on here?

Sorry for the long read, but if you have any insight or pointers I would greatly appreciate it! While I do have a workaround I really want to understand why this is happening.

pixelmund commented 2 years ago

I'm not 100% sure why this is happening, but it seems to me that SvelteKit isn't server-side rendering after your login flow. The getSession hook only executes on the initial server-side-rendered request. You could redirect to a redirection page, which says something like "successfully logged in, redirecting you..." and then after a short timeout do a window.location.href = '/'. This is actually how I do authentication right now; it triggers a full reload. I'm not quite familiar with OAuth, but you could also create an endpoint like routes/session.ts and from there you can return locals.session.data, fetch the current session wherever you like and manually set the session store with the returned data: session.set(fetchedSessionData).
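The session-endpoint approach from the comment above, written out as an added example (not code from svelte-kit-cookie-session or from anyone in this thread). It assumes the pre-1.0 SvelteKit endpoint shape ({ locals }) => { status, headers, body }, that the library's handle hook has already decrypted the cookie into locals.session.data, and that the client store has a Svelte-store-style set(); the request data in demo() is constructed.

```javascript
// Server side, e.g. src/routes/session.js. In the real route file this function
// is `export`ed so SvelteKit serves it for GET /session (assumed endpoint shape).
async function get({ locals }) {
  // locals.session.data is the decrypted cookie payload. Anything returned
  // here is readable by page scripts, so keep secrets out of the session.
  return {
    status: 200,
    // The browser must not cache the session payload, or a later fetch could
    // show a stale (e.g. logged-out) state.
    headers: { 'cache-control': 'no-store' },
    body: locals.session.data ?? {},
  };
}

// Client side: ask the endpoint for the current session and push it into the
// session store so components react without a full reload. `session` is any
// object with a set() method, e.g. the session store from $app/stores.
async function refreshSession(session, fetchImpl = fetch) {
  const res = await fetchImpl('/session', { credentials: 'same-origin' });
  if (!res.ok) throw new Error(`session endpoint returned ${res.status}`);
  const data = await res.json();
  session.set(data);
  return data;
}

// Offline demonstration: a constructed locals object and an in-memory fake of
// fetch that routes straight to the endpoint, so the flow runs without SvelteKit.
async function demo() {
  const locals = { session: { data: { user: { id: 42, name: 'constructed-user' } } } };
  const fakeFetch = async () => {
    const response = await get({ locals });
    return {
      ok: response.status === 200,
      status: response.status,
      json: async () => response.body,
    };
  };
  const store = { value: null, set(v) { this.value = v; } };
  await refreshSession(store, fakeFetch);
  return store.value;
}
```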

pixelmund commented 2 years ago

@KayoticSully if you're still experiencing the issue above, you might want to check out the library I created, Svemix. It provides auto session updates on the client, lets you write server code inside .svelte routes and much more.

I'll go ahead and close this issue now.