Prevent clear auth data when getSession error

[nvthuong1996]

Describe the feature

If getSession throws an exception, the backend is most likely at fault: If you clear auth data, all users using the website will have to log in again.

https://github.com/sidebase/nuxt-auth/blob/faa039b72da2c64d9c214f0502dea053c7a4ff84/src/runtime/composables/local/useAuth.ts#L99

How would you implement this?

Only clear the session when the http error code returned from the backend is 401

Additional information

• [X] Would you be willing to help implement this feature?

Provider

• [ ] AuthJS
• [X] Local
• [ ] Refresh
• [ ] New Provider

[mbellamyy]

I'm having the same problem with refresh method.

For example, when the user disconnects their Wifi and periodic refresh is turned on, with the first failed request, the user is logged out because the token data is removed from the state.

The tokens should only be removed in three cases imo:

• the user explicitly wants them removed (by signing out)
• the tokens are expired... A refresh token that is still valid should not be nullified.
• a request to refresh (and get a valid access token) fails on SSR

[zoey-kaiser]

Hi @mbellamyy and @nvthuong1996 👋

I added the rfc label to this issue. I would pull in @phoenix-ru, and we can revisit the current behavior and discuss potential modifications to it!

[nvthuong1996]

hello @phoenix-ru @zoey-kaiser ! has any update for this issue ?

[zoey-kaiser]

Hi @nvthuong1996 👋

We are currently focusing on finishing up the documentation rewrites, which is why we are currently less actively pushing forward discussions on new issues. Once we have the docs deployed we will revisit this issue (should be pretty soon).

[Ulrich-Mbouna]

Some updates for this error ?