Open imageck opened 1 year ago
I see now. UserUpdate()
only returns the user portion of the data and doesn't refresh the JWT. This is why stringifySupabaseSession()
returns the old value and the new data is never recorded in the cookie.
In my view, the session data should be refreshed as well (and consequently, a new access token generated) because the client is updating the user data explicitly.
As a workaround, the client is allowed to refreshSession()
but that's another round trip…
Looking at the code, I see an opportunity where it could be changed to refresh the session on the dev's behalf, but it'd still be another trip.
Yes. Perhaps it should be done in UserUpdate()
?
What's the proper approach here? I am using user metadata for some functionality and after updating the user and deleting said metadata, my session is outdated and the user object inside still has the deleted metadata, causing a loop. We manually need to refresh the session after updating a user?
Hey @ivandamyanov,
Thanks for the feedback. For now, manually refreshing might be the way to go. Unfortunately we can't change the behaviour as it would be a breaking change for folks who may depend on the metadata not being refreshed.
Refreshing within the function is an option though it would also add a round trip as @j4w8n mentioned which not everyone might want.
We'll take this as feedback for future feature development though
Bug report
Describe the bug
Local session is not updated after calling
updateUser()
. The session data remains the same.To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
posts
.updateUser({ data: { posts: count + 1 } })
after user successfully creates a new post.useUser
or reload the page.Expected behavior
Client-side session data and token should be updated to reflect the changes.
System information
Additional context
After a
PUT
request to update the user, the retrieved session data is supposed to be saved locally with_saveSession()
. That, in turn, hands it down to_persistSession()
. During a debugger session, first two arguments tosetItemAsync(this.storage, this.storageKey, currentSession)
appear to beundefined
. This could be the reason why the JWT remains outdated client-side.It appears that the new session data is lost in
stringifySupabaseSession()
. As you can see, it only returns a select number of items, the rest is extracted from the current token. So when it's time to modify the session cookie, the new session data is mixed with the old one. As a result, most of the data modified inupdateUser()
is not recorded in the cookie. https://github.com/supabase/auth-helpers/blob/6e5b5b37dacd07ca74f7486419dda6b10bf14730/packages/shared/src/utils/cookies.ts#L69