supabase / auth-helpers

A collection of framework specific Auth utilities for working with Supabase.
https://supabase.github.io/auth-helpers/
MIT License

SSR Auth does not reset session for root layout in SvelteKit #740

Closed kvetoslavnovak closed 4 months ago

kvetoslavnovak commented 4 months ago

Bug report

Describe the bug

I dug a lot into the new SSR Auth in SvelteKit and even made a tutorial, Supabase SSR Auth with SvelteKit v1 and SvelteKit v2.

But in contrast to the older Auth Helpers, this new SSR implementation in SvelteKit might have some issues. It uses the root layout. But neither the layout nor the session is checked for every request, nor is any major invalidation fired when the session state changes.

In previous Auth Helpers, if the logged in user has more browser tabs open and logs out in one tab, this state change is reflected in every tab, the session/cookie is cleared and the layout refreshes. But with SSR this is not the case. In SSR Auth, if the logged in user has more tabs open and logs out in one tab, this state change is not reflected in other tabs completely: the session/cookie is cleared but the layout state stays the same as there is still old session state.

The only way to prevent this is to manually check in every +page.server.js load function if the session is there, as the layout cannot be trusted for session state update.

There have already been warnings that the layout session attitude is not the best way to go and that the hooks are better options. For example https://www.youtube.com/watch?v=UbhhJWV3bmI&ab_channel=Huntabyte and https://www.youtube.com/watch?v=lSm0GNnh-0I&t=793s&ab_channel=Huntabyte

Expected behavior

I expect that the layout should reflect when the session becomes null also in other browser tabs where the user is logged in, as this was the case in Auth Helpers. Probably the best way is to have this functionality in hooks and not layout.

System information

kvetoslavnovak commented 4 months ago

So I implemented invalidation by myself. Now everything works correctly. I will update how to correct SK SSR documentation later on. The main issue is that the documentation misses how to set up the call to invalidate('supabase:auth');
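The invalidation wiring discussed in this thread, as an added example that is not code from the issue author or from supabase/auth-helpers. It assumes `invalidate` is SvelteKit's function from `$app/navigation`, that the root layout load calls `depends('supabase:auth')`, and that the Supabase client delivers the auth event to the tab; `watchAuthState`, `makeFakeClient` and `demo` are hypothetical names, and the fake client exists only so the logic runs offline.

```javascript
const AUTH_DEPENDENCY = 'supabase:auth'; // dependency key named in the issue

// Subscribe to auth events and re-run the layout load whenever the session
// this tab rendered with no longer matches the one the client reports.
// In a real app, call this from onMount in the root +layout.svelte.
function watchAuthState(supabase, getRenderedSession, invalidate) {
  const { data } = supabase.auth.onAuthStateChange((event, newSession) => {
    const rendered = getRenderedSession();
    // expires_at differs on sign-in and on sign-out (session becomes null)
    if (newSession?.expires_at !== rendered?.expires_at) {
      invalidate(AUTH_DEPENDENCY);
    }
  });
  // Return the cleanup so the caller can unsubscribe on component destroy
  return () => data.subscription.unsubscribe();
}

// Constructed stand-in for the Supabase client (assumption: same return
// shape as supabase-js v2 onAuthStateChange).
function makeFakeClient() {
  const listeners = new Set();
  return {
    auth: {
      onAuthStateChange(cb) {
        listeners.add(cb);
        return { data: { subscription: { unsubscribe: () => listeners.delete(cb) } } };
      },
    },
    emit(event, session) { listeners.forEach((cb) => cb(event, session)); },
  };
}

// Simulate a tab that rendered with a session and then sees a sign-out.
function demo() {
  const client = makeFakeClient();
  const calls = [];
  let rendered = { expires_at: 1700000000 }; // constructed value
  const stop = watchAuthState(client, () => rendered, (key) => calls.push(key));
  client.emit('INITIAL_SESSION', { expires_at: 1700000000 }); // in sync: no reload
  client.emit('SIGNED_OUT', null);                            // stale layout: reload
  rendered = null; // the layout load re-ran and now returns no session
  client.emit('SIGNED_OUT', null);                            // already in sync
  stop();
  client.emit('SIGNED_IN', { expires_at: 1700003600 });       // unsubscribed: ignored
  return calls;
}
```

This only refreshes what the tab displays; the per-request session check in server load functions or hooks mentioned in the issue is still what gates access to data.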