Still having getSession warning whenever _saveSession is called

[larbish]

Bug report

• [X] I confirm this is a bug with Supabase, not with my own application.
• [X] I confirm I have searched the Docs, GitHub Discussions, and Discord.

Describe the bug

Maintainer of the nuxt/supabase module here.

We have a PR to migrate on the @supabase/ssr package and we're still experiencing this issue with the latest released version including your PR.

I've removed all occurrences of getSession() in the module and I still have the warning.

Any help on this would be appreciate 🙏 I can't merge and release this PR until I get rid of this warning.

To Reproduce

Clone the nuxt/supabase repository, go on https://github.com/nuxt-modules/supabase/pull/357 PR and follow the development readme to run the playground.

Notice the Using the user object as returned from supabase.auth.getSession() or from some supabase.auth.onAuthStateChange() events could be insecure warning.

Expected behavior

Do not display this warning.

[j4w8n]

Have you heard back about this?

[regg00]

@larbish, you got any news about this issue?

[larbish]

No news about it so far... @thorwebdev could someone have a check at this please? I'd love to merge my PR in the module and use @supabase/ssr package 🙏

[hf]

We'll check this as soon as we can. Any external help in tracking down where the use comes from would help speed it up.

[j4w8n]

Looks like the code calls session.user a couple of times. And it json stringifies the session as well, which would also trigger the warning.

[scottandrew]

I am seeing this constantly right now ever since updating to SSR 0.4.0 and following the documentation. Going back to SSR 0.3.0 this seems to git rid of the messages.