supabase / supabase-js

An isomorphic JavaScript client for Supabase. Query your Supabase database, subscribe to realtime events, upload and download files, browse TypeScript examples, invoke Postgres functions via rpc, invoke Supabase edge functions, query pgvector.
https://supabase.com
MIT License
2.86k stars 220 forks

supabase.auth.getSession is slow #970

Open lauri865 opened 3 months ago

lauri865 commented 3 months ago

Bug report

Describe the bug

supabase.auth.getSession() can take anywhere from 20ms up to 100ms on a fast processor (M2 Pro) when invoked e.g. during an initial page rendering phase. This feels way too slow for a function that doesn't do any network calls.

For comparison, a custom function I mocked up that reads the cookie, parses accessToken and returns the JWT as an object (json.parse+base64decode+json.parse) takes around 0.3-0.4ms under the same load, and is similarly performant during idle and rendering phase.

Benchmarks (rough):

During rendering phase:

  1. Custom JWT decode: <0.4ms
  2. await supabase.auth.getSession(): ~50ms

Idle phase:

  1. Custom JWT decode: <0.4ms (very stable and predictable)
  2. await supabase.auth.getSession(): 0.8-1.7ms (significantly better, but all over the place even during an idle phase)

Given the above, it's unlikely that it's caused by anything specific to my app, since the custom implementation doesn't slow down at all during rendering phase vs. idle phase.

To Reproduce

  1. Run the below code e.g. when rendering a React component
    console.time("getSession");
    const { data, error } = await supabase.auth.getSession();
    console.timeEnd("getSession");
  2. Refresh the page

Expected behavior

Under 1ms performance for a function that is doing simple local processing.

Additional context

What's worse, it's similarly slow even when there's no cookie present.

lauri865 commented 3 months ago

Just checked the implementation - could it be due to the locking mechanism? It's a bit unclear (to an outsider) why the function as a whole needs locks? Refresh session, sure, perhaps not the session fetching part.

I imagine it's often used for client-side route protections, etc. Which just adds an unnecessary delay to page renders and delay before data fetching starts.

MatthewDlr commented 2 weeks ago

Just noticed the same thing here! Until this is fixed, can you share your JWT implementation pls?

Thx
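
The cookie decode lauri865 describes in the first comment (JSON.parse, base64 decode, JSON.parse), sketched here as an added example; it is not lauri865's implementation and not supabase-js code. The cookie name and the `{ access_token }` JSON shape are assumptions, and because no signature is checked the returned claims are only fit for client-side display decisions, with the server verifying the token on every request.

```javascript
// Added example. Assumptions: the cookie name and the { access_token } shape.
// The JWT signature is NOT verified here, so the claims are untrusted input:
// use them for UI hints only and let the server verify the token.

const COOKIE_NAME = "sb-example-auth-token"; // hypothetical cookie name

// Find one cookie in a `document.cookie`-style string and URL-decode its value.
function readCookie(cookieHeader, name) {
  for (const part of cookieHeader.split(";")) {
    const eq = part.indexOf("=");
    if (eq === -1 || part.slice(0, eq).trim() !== name) continue;
    return decodeURIComponent(part.slice(eq + 1).trim()); // throws if malformed
  }
  return null;
}

// Decode one base64url JWT segment to a UTF-8 string.
function base64UrlDecode(segment) {
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// Returns { claims, expired }, or null when no usable token is present.
function readUnverifiedClaims(cookieHeader, nowSeconds = Date.now() / 1000) {
  try {
    const raw = readCookie(cookieHeader, COOKIE_NAME);
    if (raw === null) return null; // no cookie: nothing to decode
    const token = JSON.parse(raw).access_token;
    if (typeof token !== "string") return null;
    const segments = token.split(".");
    if (segments.length !== 3) return null; // not header.payload.signature
    const claims = JSON.parse(base64UrlDecode(segments[1]));
    if (claims === null || typeof claims !== "object") return null;
    const expired = typeof claims.exp !== "number" || claims.exp <= nowSeconds;
    return { claims, expired };
  } catch {
    return null; // bad percent-encoding, bad JSON or bad base64
  }
}

// Constructed sample (not a real token), built inline so the block runs offline.
const b64u = (s) => btoa(s).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SAMPLE_TOKEN = [b64u('{"alg":"HS256"}'), b64u('{"sub":"user-1","exp":2000}'), "sig"].join(".");
const SAMPLE_COOKIE = `theme=dark; ${COOKIE_NAME}=${encodeURIComponent(JSON.stringify({ access_token: SAMPLE_TOKEN }))}`;
```

A missing, malformed or expired token all come back as "not signed in" for rendering purposes; token refresh is left to the client library.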